‘Fake Ledger’ Scam Returns, Crypto Scam Detector SlowMist Urges Users To Beware Counterfeit Devices


Meghna Chowdhury
Meghna is a Journalism graduate with specialisation in Print Journalism. She is currently pursuing a Master's Degree in journalism and mass communication. With over 3.5 years of experience in the Web3 and cryptocurrency space, she is working as a Senior Crypto Journalist for UnoCrypto. She is dedicated to delivering quality journalism and informative insights in her field. Apart from business and finance articles, horror is her favourite genre.

Phishing gangs have been mailing counterfeit Ledger devices to cryptocurrency users since 2021. They send these fake devices with a letter that claims Ledger suffered a data breach. 

The letter urges users to move their mnemonic recovery phrases from their real Ledger wallets to the new devices. This scheme was revealed by cybersecurity researcher Yu Xian from SlowMist.

He described how the scammers trick users with false instructions and fake software. As a result, victims end up handing over their recovery phrases.

How the Scam Unfolds

The attackers begin by sending a package that looks like an official Ledger shipment. Inside, users find a fake device and a manual. The manual says that data from their original device may be compromised. 

It instructs users to plug the new device into their computer. Next, victims are led to install a malicious application. This app closely imitates Ledger’s official software. 

When users launch it, the app prompts them to enter their 24-word mnemonic phrase. Believing they are securing their assets, they type the phrase into the fake app. At that point, the scammers capture the recovery information. Once they have it, they can drain the victim’s account.

Yu Xian noted that some fake manuals even include prefilled mnemonic phrases. These are meant to look like genuine examples. They guide users to think the device is already set up and ready.


Other versions of the attack use fake software alone. In those cases, scammers send an email with a link to download the bogus program. No matter the method, the goal is to steal the mnemonic phrase. Without that phrase, hardware wallets cannot be accessed or recovered.

Recent Alerts from Ledger

Ledger recently warned users about a letter circulating as part of this scam. The company confirmed that the letter is not legitimate and urged users to ignore it. Crypto trader Jacob Canfield shared a copy of this fake notice on the social media platform X (Twitter).

After that post gained attention, Ledger issued its official denial. The fraudulent letter claims that users must update their devices immediately.

In truth, there is no such requirement from the manufacturer. Ledger emphasised that they do not send unsolicited emails asking for mnemonic transfers.

In addition to fake devices, a new phishing campaign has emerged. This one poses as Ledger support via email and web pages. It triggers fear by suggesting that user data was leaked in a breach. 

The message asks users to verify their recovery phrases on a phoney website. Once users enter their information, scammers gain direct access to their funds. 

Ledger’s support team stresses that they will never request recovery phrases in an email or pop-up. Users who receive such messages are advised to check the sender’s address and visit Ledger’s official site before taking any steps.

Why Users Must Stay Vigilant

Many people find it hard to believe that hardware wallet attacks can succeed. Yet cybercriminals know that owners of hardware wallets hold larger sums. The “bigger fish” tend to use these cold storage devices. 

That makes them prime targets for scams. As Yu Xian pointed out, these physical phishing attempts can work if users are not cautious. The scammers rely on fear, urgency, and the trust that people place in brands like Ledger.
