French hardware wallet maker Ledger is offering $400,000 worth of Bitcoin for information leading to the culprits of an ongoing phishing campaign targeting its users.
The sudden push comes after Shopify notified Ledger that its customer database had been stolen by a rogue employee in mid-2020.
Ledger says this means an additional 20,000 customer records have now leaked — on top of the 270,000 records already dumped online.
The data includes “email, name, postal address, product(s) ordered, and phone numbers” of Ledger users, presenting a huge security risk to anyone valuing financial privacy.
Ledger’s 10 BTC is currently sitting in a Bitcoin address which the company shared publicly, effectively opening possibility for crowd-funders to boost the reward.
It however remains a mystery as to why Shopify notified Ledger about the data leak in December — six months after the original incident.
It’s also unclear why Ledger, which knew about the additional leak before Christmas, waited until mid-January to warn its customers.
[Read more: Data dump exposes Ledger users to fraud]
Ledger users have already reported being phished for seed phrases by well-crafted emails and SMS messages.
Ledger emphasizes their physical devices are entirely safe, and that all cryptocurrency stored on them has not been compromised — unless users have given up their 24-word seed phrases.