Ledger Users Targeted in Sophisticated Holiday Phishing Scam
A new phishing campaign targets Ledger users, exploiting fake data breach alerts to steal recovery phrases and cryptocurrency holdings. Stay alert.
Popular hardware cryptocurrency wallet Ledger is the latest target of a new wave of phishing scams after perpetrators spoofed official-looking emails to trick victims into revealing their recovery phrases.
These attacks exploit concerns about security and the upcoming holiday season’s surge in online transactions, highlighting the ongoing risks facing crypto investors.
Exploiters Spoof Ledger Emails
Technology news and computer help website Bleeping Computer reported that phishing campaigns begin with emails designed to look like official Ledger communications.
“A new Ledger phishing campaign is underway that pretends to be a data breach notification. It asks you to verify your recovery phrase, which is then stolen and used to steal your cryptocurrency,” an excerpt in the report read.
The emails carry the subject line “Security Alert: Data Breach May Expose Your Recovery Phrase.” Sent through the SendGrid email-marketing platform, the messages falsely claim that Ledger has suffered a recent data breach, potentially exposing recovery phrases. The email then urges recipients to verify their phrases using a “secure verification tool.”
Per the report, the emails direct users to a convincing Ledger-branded website hosted on Amazon Web Services. The website then redirects to a domain — ledger-recovery[.]info — registered on December 15, 2024. The site mimics Ledger’s legitimate platform, complete with a prompt to perform a “security check” by entering the wallet’s recovery phrase.
This prompt is highly deceptive. It validates entered words against a list of 2,048 recognized terms used in recovery phrases. Regardless of the input, the site claims the phrase is invalid, encouraging users to re-enter their details and ensuring the scammers collect accurate data.
Armed with this information, attackers gain full control over victims’ wallets. This allows them to drain cryptocurrency holdings and steal other digital assets.
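For mail administrators, the indicators reported above can be turned into a simple triage check. The following Python sketch is an added example, not code from Ledger or Bleeping Computer; the function names, the sample messages and the assumption that ledger.com is the only trusted sender and link domain are illustrative.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

def refang(s: str) -> str:
    """Undo analyst defanging so indicators compare as plain hostnames."""
    return s.replace("[.]", ".").replace("hxxp", "http")

IOC_DOMAINS = {refang("ledger-recovery[.]info")}              # domain named in the report
LURE_SUBJECT = "data breach may expose your recovery phrase"  # subject named in the report
LEGIT_DOMAINS = {"ledger.com"}  # assumption: the only sender/link domain treated as Ledger's
SEED_ASK = re.compile(r"\b(verify|enter|confirm)\b.{0,60}?\brecovery phrase", re.I | re.S)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def is_under(host: str, domains: set) -> bool:  # host equals or is a subdomain of an entry
    return any(host == d or host.endswith("." + d) for d in domains)

def triage(raw: str) -> list:
    """Return the reasons a raw RFC 822 message resembles the lure described above."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2].lower()
    branded = "ledger" in display.lower()
    body = "\n".join(
        (p.get_payload(decode=True) or b"").decode(p.get_content_charset() or "utf-8", "replace")
        for p in msg.walk() if p.get_content_maintype() == "text")
    hosts = {(urlparse(u).hostname or "").lower() for u in URL_RE.findall(refang(body))}
    checks = {
        "brand-spoof": branded and not is_under(sender, LEGIT_DOMAINS),
        "known-subject": LURE_SUBJECT in msg.get("Subject", "").lower(),
        "asks-for-recovery-phrase": bool(SEED_ASK.search(body)),
        "ioc-domain": any(is_under(h, IOC_DOMAINS) for h in hosts),
        # The first link reportedly redirects, so the IoC domain may never appear
        # in the mail itself; any non-Ledger link in Ledger-branded mail is flagged.
        "off-brand-link": branded and any(h and not is_under(h, LEGIT_DOMAINS) for h in hosts),
    }
    return [name for name, hit in checks.items() if hit]

# Constructed samples (not captured mail); the link is kept defanged as in the article.
PHISH = ('From: "Ledger Support" <alerts@bulk-mailer.example>\n'
         'Subject: Security Alert: Data Breach May Expose Your Recovery Phrase\n\n'
         'Please verify your recovery phrase with our secure verification tool:\n'
         'hxxps://ledger-recovery[.]info/check\n')
BENIGN = ('From: "Ledger" <news@ledger.com>\nSubject: Firmware release notes\n\n'
          'Read the notes at https://www.ledger.com/blog\n')

if __name__ == "__main__":
    print(triage(PHISH), triage(BENIGN))
```

Because the reported campaign sends victims through an intermediate page before the final domain, the brand and link mismatch checks matter more than the single domain indicator, which is easy for the operators to rotate.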
Ledger’s Response after a History of Exploitation
Ledger did not confirm or deny the existence of any new data breaches. Nevertheless, in a statement on X (formerly Twitter), the company reiterated its longstanding advice.
“Ledger will never call, DM, or ask for your 24-word recovery phrase. If someone does, it’s a scam,” the statement read.
The company also addressed concerns raised by users who reported receiving such emails. While acknowledging that phishing scams are an unfortunate part of the digital space, Ledger emphasized the importance of maintaining proper security hygiene.
Meanwhile, Ledger users have been frequent targets of phishing campaigns, particularly after a 2020 data breach exposed sensitive customer information. While the breach did not compromise wallets directly, the stolen data has been used to orchestrate highly personalized phishing attempts.
In December 2023, the company faced another security issue when its connector library was compromised, leading to $484,000 in losses. These recurring incidents reflect scammers’ persistent efforts to exploit Ledger’s popularity and users’ trust in the brand.
“For a company, we’re all forced to trust for custody of our assets, this is not a good look,” one user remarked.
The holiday season typically sees a spike in online activity, creating a fertile environment for phishing scams. Security analysts warn that crypto-related fraud is likely to escalate as scammers seek to capitalize on increased transactions and the general distraction of the holidays.
“The holiday season means more online shopping. And that’s why it’s a scammer’s favorite time of year,” one user on X shared.
Elsewhere, crypto scams specifically have seen fluctuating success in recent months. Losses from phishing schemes fell by 53% in November 2024, totaling $9.3 million. However, this latest campaign suggests that scammers are redoubling their efforts.
Crypto investors should take every measure to secure their wallets, recognizing that the responsibility for safeguarding digital assets ultimately lies with the individual.