Users of the Ledger series of hardware wallets are being targeted as part of a widespread phishing campaign that takes advantage of earlier data leaks. Some users have received emails alerting them to a data breach that could have exposed their seed phrases to attackers.
Ledger Users Targeted in New Data Breach Phishing Campaign
This article was published more than a year ago. Some information may no longer be current.
WRITTEN BY
SHARE
Ledger Users Receiving Data Breach Emails in Phishing Campaign
Attackers are always on the hunt for ways to scam crypto users’ funds. Bleeping Computer recently alerted about a new fake phishing data breach campaign targeting users of Ledger, one of the most popular hardware wallet manufacturers. According to social media reports, they received an official-looking email prompting them to verify their seed phrase through an online security tool.
The phishing emails states:
We regret to inform you that a recent data breach has affected our service. While your Ledger wallet remains secure, there is a possibility that recovery phrases (also known as “seed phrases”) linked to certain accounts have been exposed.
When clicking to verify the seed phrases, the phishing email sends users to ledger-recovery.info, a domain registered on December 15 as part of this scam scheme. The site offers an interface for users to introduce their seed phrases to be collected in a database.
Security experts recommend never introducing a seed phrase online, because it risks losing the funds stored in the wallet. In the same way, never trust automatically written web addresses, and if necessary, type addresses manually when dealing with crypto funds.
Presumably, Bleeping Computer states that the backbone of this campaign might be the data leaked by Ledger in 2020 when the company suffered a data breach that left the contact information of 1 million users in the open for criminal actors.
Read more: Ledger Wallet Data Leak Dumped on Raidforums for Free, Company Regrets the Situation
This is not the first time Ledger users have been targeted in criminal phishing campaigns. In 2021, Ledger customers were mailed new hardware wallets to their residences. The wallets seemed legit and the packaging included instructions for users to switch their old wallets for security purposes. The wallets delivered were USB flash drives modified to deliver malware and steal the private seed introduced.
Read more: Ledger Customers Are Being Mailed Fake Wallets to Steal Their Private Seeds
