Cybercriminals are targeting Ledger hardware wallet users with fake emails mimicking official communications, falsely claiming a data breach to get access to users’ recovery phrases.
The widely used cryptocurrency hardware wallet Ledger has been seeing a fresh phase of phishing scams. Cybercriminals are sending fake emails that mimic official communications, attempting to trick wallet users into revealing their recovery phrases.
These scams have spurred up recently amid heightened security concerns and the surge in crypto transactions during the holiday season. In its latest report, Bleeping Computer stated that the phishing scams started with emails designed to look just like official Ledger communications. The report also notes:
“A new Ledger phishing campaign is underway that pretends to be a data breach notification. It asks you to verify your recovery phrase, which is then stolen and used to steal your cryptocurrency”.
The phishing scam is targeting Ledger wallet users with emails claiming a “Security Alert: Data Breach May Expose Your Recovery Phrase”. The scammers sent professional-looking emails using the SendGrid email marketing platform. In the email, they falsely claimed a recent Ledger data breach and urged recipients to verify their recovery phrases using a so-called “secure verification tool.”
Reports reveal that the phishing emails direct victims to a convincing fake Ledger-branded website hosted on Amazon Web Services. From there, users are redirected to a fraudulent domain, ledger-recovery[.]info, registered on December 15, 2024. The site imitates Ledger’s official platform and prompts users to perform a “security check” by entering their wallet recovery phrases.
The scammers have used a deceptive tactic while validating inputs against a list of 2,048 recognized terms commonly used in recovery phrases. Regardless of what users enter, the site falsely flags the phrase as invalid, prompting repeated attempts and ensuring the scammers collect accurate data. After securing the correct recovery phase, attackers gain complete access to the victim’s wallet.
Ledger Asks Crypto Users to Stay Cautious
As the news regarding phishing attacks on the Ledger hardware wallet spread, the company asked its users to stay vigilant and informed. In a message on the X platform, it noted:
“Ledger will never call, DM, or ask for your 24-word recovery phrase. If someone does, it’s a scam. Stay cautious and keep your crypto safe”.
Responding to users’ concerns about the phishing scam, Ledger acknowledged that such scams are an unfortunate reality in the digital space. Also, this is not the first time that Ledger users have faced these attacks. Since 2020, there have been periodic attacks on Ledger hardware wallet users.
Furthermore, amid the spike in online activity during this holiday season, phishing attacks have increased. Several security experts warn that the fraud is likely to escalate as scammers seek to leverage the surge in crypto transactions. “The holiday season means more online shopping. And that’s why it’s a scammer’s favorite time of year,” one user said.
next