Phishing scammers spoof Ledger’s email to send bogus data breach notice
Ledger users have reported that phishing scammers are spoofing the crypto hardware wallet provider’s support emails in a bid to trick users into revealing their wallet keys.
The bogus emails claim Ledger suffered a “recent data breach” and encourages recipients to verify their private seed phrase under the guise of needing to “safeguard” their assets, according to screenshots shared on X and a Dec. 17 BleepingComputer report .
The email appears to be from Ledger’s legitimate support email, but BleepingComputer reports it was actually sent through an email marketing platform.
Details from Ledger’s spoofed email with phishing links. Source: X
The email leads to a Ledger-branded website that appears legitimate and prompts visitors to “verify your Ledger,” falsely claiming to check if their device has been compromised.
The prompt opens a popup that asks to enter a seed phrase , a combination of words that, if shared, would give the scammers full control over the wallet and allow them to drain its funds.
The legitimate-looking Ledger-branded site asks visitors to enter their private wallet seed phrase.
Ledger responded to an X user concerned about the emails, saying that “scam attempts are an unfortunate part of life online and no one is completely immune.”
“Ledger will never call, DM, or ask for your 24-word recovery phrase,” it wrote. “If someone does, it’s a scam.”
It’s unclear if any Ledger users have fallen victim to the phishing scam. Cointelegraph has contacted Ledger for comment.
The ordeal follows a Dec. 13 incident where another Ledger user reported losing $2.5 million worth of Bitcoin ( BTC ) and non-fungible tokens despite claiming to have never revealed their seed phrase online.
However, Ledger and other blockchain security firms are adamant the user was lured into a phishing scam in February 2022 and that funds were only recently wiped.
Related: White hat ‘SEAL’ team protecting from crypto hacks surpasses 900 investigations
The codebase of Ledger’s connector library — a tool providing Ledger users access to decentralized finance apps — was compromised in December 2023, allowing an attacker to drain $484,000 from victims.
Phishing scams are expected to increase this holiday season amid more online transactions, security analysts say.
Meta also recently sent a warning to its users, identifying several scam campaigns targeting holiday shoppers from fake Christmas gift box promotions, fraudulent holiday decoration sales and counterfeit retail coupons.
Crypto scammers may be looking to make up ground this holiday season after phishing losses fell 53% month-on-month in November to $9.3 million.
Magazine: ‘SEAL 911’ team of white hats formed to fight crypto hacks in real time
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Jupiter will airdrop 700 million JUP next month, worth over $590 million
The Korean won exchange rate fell below 1,480 won to the dollar, the lowest since 2009
SOL breaks through $190