A new phishing campaign is targeting Ledger cryptocurrency wallet users, exploiting fears of a data breach to steal recovery phrases and access digital assets.
The campaign impersonates Ledger support, urging users to verify their recovery phrases on a fake website under the pretense of safeguarding their wallets, the report stated.
What is a Phishing Scam?
Ledger, a popular hardware cryptocurrency wallet, uses 12, 18, or 24-word recovery phrases to secure users’ funds. These phrases are critical for wallet recovery, and anyone with access to them can control the funds.
Ledger has repeatedly warned users to keep recovery phrases offline and never share them, but phishing campaigns continue to exploit unsuspecting users.
The latest attack begins with phishing emails claiming to be from Ledger. Sent through the SendGrid email marketing platform, the emails have a subject line like “Security Alert: Data Breach May Expose Your Recovery Phrase.” They falsely state that Ledger has suffered a data breach and that some recovery phrases may have been exposed.
How did the Attacks Take Place?
The email urges recipients to verify their recovery phrases by clicking a button that opens a supposedly “secure verification tool.” This redirects users to a phishing website, registered just days ago, on December 15, 2024. The website is designed to mimic Ledger’s official site and asks users to enter their recovery phrases for a security check.
As users enter their recovery phrases, the phishing page transmits the information to the attackers’ server. To increase the chances of capturing the correct phrase, the website flags invalid words in real time, prompting users to re-enter phrases multiple times.
Regardless of the phrase entered, the site claims it is invalid, likely so that repeated entries further confirm that the captured phrase is correct.
Reports indicate that similar phishing campaigns are also targeting Ledger users with emails promoting fake firmware updates. Like the recovery phrase scam, these phishing attempts aim to steal sensitive information and access wallets.
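For mail filtering or triage, the traits described above (Ledger branding, a link leading off Ledger's site, and a request involving the recovery phrase) can be checked mechanically. The following is an added example, not code from Ledger or from the report; it assumes `ledger.com` is the only official domain, and the sample message, its addresses and its link are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: ledger.com is the only domain treated as official here.
OFFICIAL_DOMAIN = "ledger.com"
SEED_TERMS = re.compile(r"recovery\s+phrase|seed\s+phrase", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def is_official(host):
    """True only for ledger.com or a real subdomain, not look-alikes."""
    host = (host or "").lower().rstrip(".")
    return host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN)

def body_text(msg):
    """Concatenate every text/* part of the message, decoded."""
    parts = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            parts.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)

def analyze(raw_message):
    """Return the list of phishing traits found in one raw email."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    text = body_text(msg)
    findings = []
    if "ledger" in name.lower() and not is_official(addr.rpartition("@")[2]):
        findings.append("brand-in-display-name-but-foreign-sender")
    hosts = {urlparse(u).hostname for u in URL_RE.findall(text)}
    if any(h and not is_official(h) for h in hosts):
        findings.append("link-outside-official-domain")
    if SEED_TERMS.search(msg.get("Subject", "") + "\n" + text):
        findings.append("mentions-recovery-phrase")
    return findings

# Constructed sample modeled on the subject line quoted in the article.
SAMPLE = """From: Ledger Support <alerts@mailer.example>
To: user@example.org
Subject: Security Alert: Data Breach May Expose Your Recovery Phrase
Content-Type: text/plain; charset=utf-8

Verify your recovery phrase with our secure verification tool:
https://ledger-verify.example/check
"""

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

A message that trips all three checks is a strong candidate for quarantine; any single finding alone is better treated as a signal for review.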
Not the First Time for Ledger?
This is not the first time Ledger users have faced such attacks. After a 2020 data breach exposed customer information, phishing campaigns increased significantly, leveraging leaked names, email addresses, and phone numbers to craft targeted scams.
The ongoing campaign coincides with broader phishing scams in the cryptocurrency sector. Losses from crypto phishing scams totalled $9.3 million in November 2024, a 53% decline from October.
However, scammers appear to be intensifying efforts during the holiday season, as seen with additional scams reported by Meta, including fake holiday promotions and counterfeit coupons.
Ledger users are advised to remain vigilant, avoid clicking on unsolicited emails, and never share their recovery phrases. Officials urge cryptocurrency users to verify communications directly through official channels and report suspicious activity immediately.