Heads up to Ledger users! Or, a more advanced email phishing scam could be alarming you with a bogus copycat site designed to drain your crypto holdings. This latest scam first popped up around two weeks ago. It takes advantage of previous data breaches and uses fear of the unknown to manipulate future victims. This fraudulent scheme capitalizes on the sensitive information compromised in a July 2020 data breach, as well as the controversy surrounding Ledger's proposed "Ledger Recover" service in mid-2023.
The 2020 data breach was incredibly damaging, stealing almost all customer data. This breach exposed the first and last names, postal addresses, and phone numbers of over 272,000 Ledger customers. Approximately another million email addresses were exposed as well. Unfortunately, scamming bad actors have started using this information to attack Ledger users. They use a bunch of different approaches, from cheeseburgers to sending a short one-page letter with a QR code.
An illegitimate Ledger website, registered with a known web discounter, has been up for about 14 days. Compare that security with the fact that the real Ledger domain has been registered for about 30 years. The phony microCAPTCHA website claims to be a new form of security against bots that tries to get humans to help improve machine learning. It then shows an input mask asking for the 24-word recovery seed.
If users enter their 24-word recovery seed on the fake website, their crypto assets are immediately at risk of being stolen. Users of the Ledger wallet need to be on high alert. Always check the URL of any website or email that pretends to be a Ledger website.
Since Ledger has a history of security blunders, Ledger users have been especially exposed to these kinds of attack. In July 2020, the National Student Clearinghouse admitted to a significant data breach. The CEO of Ledger released an update admitting that a lot of personal information was leaked. Additionally, the controversy surrounding "Ledger Recover," a backup service for the secret recovery phrase, has heightened user sensitivity to potential security threats.
Tran Quoc Duy
Blockchain Editor
Tran Quoc Duy offers centrist, well-grounded blockchain analysis, focusing on practical risks and utility in cryptocurrency domains. His analytical depth and subtle humor bring a thoughtful, measured voice to staking and mining topics. In his spare time, he enjoys landscape painting and classic science fiction novels.
