Exploiters Spoof Ledger Emails to Steal Cryptocurrency Recovery Phrases
tl;dr
Popular hardware cryptocurrency wallet Ledger has been targeted by a new wave of phishing scams. Perpetrators are sending official-looking emails to trick victims into revealing their recovery phrases, exploiting concerns about security and the upcoming holiday season's surge in online transactions. The phishing emails appear to be from Ledger and claim that a data breach may have exposed recovery phrases. Recipients are directed to a convincing Ledger-branded website where they are prompted to enter their recovery phrase, which is then stolen. Ledger has reiterated its advice that it will never ask for recovery phrases and emphasized the importance of maintaining proper security hygiene.
With the holiday season creating a fertile environment for phishing scams, security analysts warn that crypto-related fraud is likely to escalate. Crypto investors are advised to take every measure to secure their wallets as the responsibility for safeguarding digital assets ultimately lies with the individual.
EXPLOITERS SPOOF LEDGER EMAILS
Technology news and computer help website Bleeping Computer reported that phishing campaigns begin with emails designed to look like official Ledger communications.
“A new Ledger phishing campaign is underway that pretends to be a data breach notification. It asks you to verify your recovery phrase, which is then stolen and used to steal your cryptocurrency,” an excerpt in the report read.
The emails carry the subject line: “Security Alert: Data Breach May Expose Your Recovery Phrase.” Sent through the SendGrid email-marketing platform, the messages falsely claim that Ledger has suffered a recent data breach, potentially exposing recovery phrases. They then urge recipients to verify their phrases using a “secure verification tool.”
Per the report, the emails direct users to a convincing Ledger-branded website hosted on Amazon Web Services. The website then redirects to a domain — ledger-recoveryinfo — registered on December 15, 2024. The site mimics Ledger’s legitimate platform, complete with a prompt to perform a “security check” by entering the wallet’s recovery phrase.
This prompt is highly deceptive. It validates entered words against a list of 2,048 recognized terms used in recovery phrases. Regardless of the input, the site claims the phrase is invalid, encouraging users to re-enter their details and ensuring the scammers collect accurate data. Armed with this information, attackers gain full control over victims’ wallets. This allows them to drain cryptocurrency holdings and steal other digital assets.
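The traits reported above (Ledger branding on a non-Ledger sender, a request about the recovery phrase, and a link to a Ledger-lookalike host) can be checked mechanically by a mail filter. The following is an added example, not code from Ledger or the cited report; it assumes `ledger.com` is the vendor's legitimate domain, uses hypothetical function names, and runs on a constructed message in which the `.example` hosts are placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

LEGIT_DOMAIN = "ledger.com"   # assumption: the vendor's real domain
BRAND = "ledger"
SEED_LURE = re.compile(r"recovery\s+phrase|seed\s+phrase|24[- ]word", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

# Constructed sample message; sender and link hosts are placeholders.
SAMPLE = """\
From: Ledger Support <alerts@mailer.example>
Subject: Security Alert: Data Breach May Expose Your Recovery Phrase

Verify your recovery phrase with our secure verification tool:
https://ledger-recoveryinfo.example/verify
"""

def under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def score_message(raw):
    """Return the phishing indicators found in one raw RFC 5322 message."""
    # Header text is attacker-controlled: this is a content heuristic,
    # not a substitute for SPF/DKIM/DMARC verification.
    msg = message_from_string(raw)
    hits = []
    name, addr = parseaddr(msg.get("From", ""))
    if BRAND in name.lower() and not under(addr.rpartition("@")[2], LEGIT_DOMAIN):
        hits.append("brand-in-display-name-but-foreign-sender")
    body = "".join(str(p.get_payload()) for p in msg.walk()
                   if not p.is_multipart())
    # Ledger states it never asks for the phrase, so any such request is a flag.
    if SEED_LURE.search(msg.get("Subject", "") + " " + body):
        hits.append("asks-about-recovery-phrase")
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname or ""
        if BRAND in host and not under(host, LEGIT_DOMAIN):
            hits.append("lookalike-link:" + host)
    return hits

if __name__ == "__main__":
    print(score_message(SAMPLE))
```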
LEDGER’S RESPONSE AFTER A HISTORY OF EXPLOITATION
Ledger did not confirm or deny the existence of any new data breaches. Nevertheless, in a statement on X (formerly Twitter), the company reiterated its longstanding advice.
“Ledger will never call, DM, or ask for your 24-word recovery phrase. If someone does, it’s a scam,” the statement read.
The company also addressed concerns raised by users who reported receiving such emails. While acknowledging that phishing scams are an unfortunate part of the digital space, Ledger emphasized the importance of maintaining proper security hygiene.
Meanwhile, Ledger users have been frequent targets of phishing campaigns, particularly after a 2020 data breach exposed sensitive customer information. While the breach did not compromise wallets directly, the stolen data has been used to orchestrate highly personalized phishing attempts.
In December 2023, the company faced another security issue when its connector library was compromised, leading to $484,000 in losses. These recurring incidents reflect scammers’ persistent efforts to exploit Ledger’s popularity and users’ trust in the brand.
Notably, the holiday season typically sees a spike in online activity, creating a fertile environment for phishing scams. Security analysts warn that crypto-related fraud is likely to escalate as scammers seek to capitalize on increased transactions and the general distraction of the holidays.
Elsewhere, crypto scams have seen fluctuating success in recent months. Losses from phishing schemes fell by 53% in November 2024, totaling $9.3 million. However, this latest campaign suggests that scammers are redoubling their efforts. Crypto investors should take every measure to secure their wallets, recognizing that the responsibility for safeguarding digital assets ultimately lies with the individual.