We are receiving reports of malicious access to Ambire Wallet email accounts.
All these accounts are registered with email addresses that have been compromised in the CoinMarketCap/Ledger/other hacks.
Our internal investigation shows that internal Ambire systems have NOT been compromised. All of the affected accounts we’ve investigated have suffered from their email getting compromised, resulting in the 3 day password recovery procedure being triggered and completed.
Even if your email has been compromised, this doesn’t affect you if you’re using Ambire with a hardware/web3 wallet signer only.
Our security team will continue investigating the situation and gather data.
In case you have any questions or concerns about this, please get in touch with via our Help Center.
If you have an Ambire account with email/password, make sure to secure it against this by enabling 2-factor authentication (2FA) for your wallet.
How to enable 2FA
Step 1: Log in to your Ambire Wallet account.
Step 2: Go to the "Security" page from the menu on the left
Step 3: In the "Authorized signers" section on the top, click on the button that says "Enable 2FA".
Step 4: On the next screen, you will see a QR code. Scan this code with your Google Authenticator app or another authentication app you use.
Step 5: Scroll down, then click on the "Send Email" button to receive a confirmation code via email. When you receive the code, enter it in that field.
Step 6: Then enter the code that you see for your Ambire Wallet in the Google Authenticator app (or another authentication app you may be using).
Step 7: Click on "Enable 2FA".
With 2FA enabled for your Ambire Wallet, even if your email gets hacked, no access to your Ambire Wallet will be possible unless the hacker gets hold of your phone and your Google Authenticator app.
More tips on staying safe online
Here are a few tips for cybersecurity hygiene that will help you stay safer on the internet.
- Protect your email. It's ok to use common email providers like Gmail for example, but always make sure to enable any advanced protection mechanism at your disposal - including 2FA for your email!
- Do not reuse passwords.
- Make sure to change your passwords regularly, especially after a major hack/leak.
- Regularly run your email address through sites like https://haveibeenpwned.com/ to ensure it hasn't appeared in a hack/leak.
- Set alerts for your crypto wallets. Sites like Etherscan let you create alerts or watchlists for particular addresses - in the case with Etherscan, you just need to register an account to set this up. We recommend that you use a different email address than the one registered with your crypto wallet for additional security.