Owners of popular Ledger hardware wallets have become targets of phishing attacks. Hackers are sending out fake emails to phish for users’ secret phrases and gain access to their crypto assets.
According to Bleeping Computer, the campaigns kick off with emails disguised as official Ledger notifications with the subject: “Security Update: Data leak could expose your secret phrase.”
The emails are sent via the SendGrid platform and contain a call to action for users to verify their secret phrases through a “secure verification tool.” Clicking the link redirects users to a fake Ledger site hosted on Amazon Web Services at the address ledger-recovery[.]info. The site mimics the real Ledger portal and prompts users to enter their 24-word secret phrase for “security verification.”
This fake site analyzes the entered words, comparing them against a list of 2048 possible terms. Even if the phrase is entered correctly, the site reports it as “invalid,” compelling the user to re-enter the data, allowing the criminals to capture accurate information.
With access to the secret phrases, hackers gain full control over the wallets, enabling them to steal all digital assets.
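A mail-triage check for the campaign described above, added here as an example (it is not code from Ledger or Bleeping Computer). It flags a seed-phrase lure together with links whose host uses the brand name without belonging to the vendor domain. The trusted domain `ledger.com`, the function names and the sample message headers are assumptions made for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

TRUSTED = {"ledger.com"}   # assumption: the only vendor domain trusted here
BRAND = "ledger"
LURE = re.compile(r"(secret|recovery|seed)\s+phrase|24[- ]word", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def is_trusted(host):
    """Exact match or true subdomain; 'ledger.com.example.net' and 'xledger.com' fail."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def text_of(msg):
    """Concatenate the decoded text/* parts of a message."""
    out = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            out.append((part.get_payload(decode=True) or b"").decode("utf-8", "replace"))
    return "\n".join(out)

def triage(raw):
    """Return the list of reasons a message looks like this campaign."""
    msg = message_from_string(raw)
    text = msg.get("Subject", "") + "\n" + text_of(msg)
    text = text.replace("[.]", ".")   # accept defanged analyst samples
    reasons = []
    if LURE.search(text):
        reasons.append("seed-phrase lure")
    for url in URL.findall(text):
        host = urlparse(url).hostname or ""
        if BRAND in host and not is_trusted(host):
            reasons.append("lookalike link: " + host)
    return reasons

# Constructed sample built from the details reported above (headers are invented).
SAMPLE = """\
From: Ledger <noreply@example.invalid>
Subject: Security Update: Data leak could expose your secret phrase
Content-Type: text/plain; charset=utf-8

Verify your secret phrase with our secure verification tool:
https://ledger-recovery[.]info/
"""

if __name__ == "__main__":
    for reason in triage(SAMPLE):
        print(reason)
```

The suffix comparison in `is_trusted` is the part worth copying: a plain substring test on the brand name would accept the lookalike host.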
Ledger has not confirmed any new data breaches, but in a statement on the X platform (Twitter), it emphasized:
“Ledger will never ask for your 24-word secret phrase. If anyone does, it’s a scam.”
Ledger users have repeatedly fallen victim to phishing campaigns following a data breach in 2020, which exposed customer information. Although the wallets themselves were not hacked, this data was used for personalized scams.
In December 2023, the company faced a new issue when its library of connectors was compromised, leading to a loss of $484,000.
Therefore: