Ledger User’s Guide to Protecting Yourself
First off, and most importantly: NEVER enter your 24-word seed mnemonic phrase on any website, or anywhere on a computer or phone. Not even at a request from Ledger. And never for any kind of transaction. Never for any supposedly new security measures.
This is basically all they’re really after.
1- Protect your email.
I would highly recommend changing email altogether, especially if it’s an email you use for logins for other services. Stay away from shitty emails like AOL, Yahoo, MSN, etc. Use email services that offer encryption, like ProtonMail for instance, or a good spam filter, like Gmail. There are many others.
If you can’t change your email, you don’t necessarily have to. You can still function with the compromised email. Just make sure you make changes to all the accounts that use that email. It’s best not to use that email for logins anymore. The main thing the leaked address will be used for is phishing.
Do not open anything related to crypto. In fact even if you haven’t been affected by the hack, it’s best not to touch emails about finance, crypto, or anything you don’t expect. Even emails that claim to be about your order for Amazon, or confirming a payment you’re receiving. Check the site directly, don’t use email links.
2- Phone number.
It would be ideal to change your phone number, but this is not gonna be realistic for most people. This is not just to stop the harassment: remember that you may have SMS confirmation for logins. You may also have 2FA associated with that number. So if you’re keeping your number, just make sure there aren’t any significant security measures relying solely on your phone. Again, the main issue you’ll probably face is just phishing attempts, with phone calls and texts telling you it’s Ledger and asking for your 24 words.
Maybe don’t even answer phone calls from numbers that aren’t in your contacts. If you accidentally answer a malicious phone call, say “wrong number”, hang up, and block that number.
There is a small heightened risk of cell phone cloning with these data breaches. So if you keep the same phone, avoid relying on it for important security measures. And call your phone service immediately to let them know your phone is at risk, and ask them to secure your SIM to avoid cell phone cloning. They may have ways to keep that from happening.
If you need an alternative for your 2FA in this process, you can use a YubiKey.
3- Address.
Don’t worry, I’m not gonna tell you to move lol. Anything related to threats to your address needs to be reported to the police so they can start building a case file, and you’ll be able to eventually get help. Take any threatening mail directly to them. And again, the attempts are gonna be mainly focused around phishing, and maybe some trolls, so don’t freak out too much about the address part.
This will hopefully not be the biggest issue. Not many people are gonna fly all the way from Russia to your house and risk going to jail just to wrench attack you for a Ledger that may only have an airline ticket’s worth of crypto on it, or less. But one precaution I would recommend is to always have your phone charged, and don’t turn it off at night, just put it on silent. And maybe install a camera doorbell system.
But in the very unlikely event of a perpetrator coming to your address, they are probably not gonna risk getting confrontational, and they’ll be looking for your seed, not your Ledger, while you’re gone. So make sure your seed is protected.
4- Tricks to protect your seed.
-One trick is to split it up. Use multiple places. You can even engrave it on something. It’s better when it’s not on paper.
-Scramble your seed. But make sure you do it in a way you can 100% remember, or have a master key to unscramble. It can be as simple as switching numbers 1-24 with a number master list that has the correct number sequence. Just make sure it’s not so complicated for yourself that you can’t figure out how to recover it.
-Use decoys. Have a fake master list somewhere a little more conspicuous.
In fact, on that same note, buy yourself a cheap small safe as a decoy, and store it in a fairly conspicuous place somewhere in your bedroom. Keep your real stuff somewhere else that is fireproof (it doesn’t necessarily have to be a safe), more inconspicuous, and less accessible in your house. If you have a lot of money, you may be looking at a safe deposit box, but those are a little expensive. Also know that the IRS can touch those in a criminal case.
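The scramble trick above (a master list that maps scrambled slots back to the correct 1-24 sequence) can be generated and dry-run tested without ever typing a seed word. This is an added example, not part of the original post; the function names and the W01..W24 placeholder labels are made up for illustration, and the real words are only ever rearranged by hand on paper.

```python
import secrets

WORDS = 24  # number of positions in the recovery phrase

def make_master_list(n=WORDS):
    """Random master list: entry i is the true position (1-based)
    of the word written in scrambled slot i+1."""
    rng = secrets.SystemRandom()  # OS randomness, not the predictable default PRNG
    master = list(range(1, n + 1))
    rng.shuffle(master)
    return master

def validate_master_list(master, n=WORDS):
    """Usable only if every position 1..n appears exactly once."""
    return sorted(master) == list(range(1, n + 1))

def scramble(ordered, master):
    """Scrambled slot i holds the item from true position master[i]."""
    return [ordered[pos - 1] for pos in master]

def unscramble(scrambled, master):
    """Put each scrambled slot back at its true position."""
    ordered = [None] * len(master)
    for slot, pos in enumerate(master):
        ordered[pos - 1] = scrambled[slot]
    return ordered

def recovery_drill(master, n=WORDS):
    """Dry run on placeholder labels (never real seed words).
    Returns False if the master list is miscopied or does not round-trip."""
    if not validate_master_list(master, n):
        return False
    labels = [f"W{i:02d}" for i in range(1, n + 1)]  # constructed stand-ins
    return unscramble(scramble(labels, master), master) == labels

if __name__ == "__main__":
    master = make_master_list()
    assert recovery_drill(master)
    for slot, pos in enumerate(master, start=1):
        print(f"scrambled slot {slot:2d} -> true position {pos:2d}")
```

Running the drill again on the hand-copied master list catches a duplicated or missing number before it makes the seed unrecoverable.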
5- Is your Ledger itself compromised?
Here’s at least one bit of good news. Your Ledger and funds are safe. In fact, as shitty as Ledger has been as a company, I hate to say it but Ledger is still one of the safer places to store your crypto. It’s good hardware.
In fact I wouldn’t panic and move funds to an exchange, or an online wallet. You should probably still keep it on the Ledger. But if, out of principle or for any other understandable reason, you don’t feel you want to use Ledger anymore, Trezor is probably the best alternative. It’s important to note that Trezor doesn’t have native apps for any crypto, it’s all 3rd party. But it’s still safe. Understand that Trezor does have a lot of the same risks as Ledger, and it’s not immune to data breaches in the future. No company is safe from data breaches.
Your information is something you have to be increasingly careful with. For things like newsletters, subscriptions, etc., where it’s not essential to give your real name, don’t give your real name. And use a different email for those.
Feel free to post additional tips and resources in the comments.