infosec

The Ledger employee that got phished was actually a _former_ Ledger employee that still had access to Ledger’s systems 🤯 

Huge negligence on Ledger’s part

security engineering and applied cryptography mantej.blog

this is the part that makes me not believe that it was a phishing attack. somehow, the one former employee who somehow still had access was the one targeted?

prev. EY-Parthenon | JPMorganChase&Co





Twitter🐦: x.com/0xMawuko
























Probably doing stuff and things.

Targeting might have begun based on who has rights to push updates. The attacker might not have even known that the former employee didn't work there anymore, and maybe the former employee's guard was down because they didn't realize how powerful their creds still were.

Super duper common. Embarrassing, but common.