According to Cointelegraph, Ledger users reported that phishing scammers disguised themselves as support emails from crypto hardware wallet providers in an attempt to trick users into revealing their wallet keys.
The fake email claimed that Ledger had a "data breach" and asked users to verify their private keys to "protect" their assets. The email was sent through an email marketing platform and linked to a phishing website disguised as the official Ledger website.
The site requires users to enter a seed phrase, which, if leaked, can allow scammers to take full control of the wallet and transfer funds. Ledger emphasizes that it will not ask users to provide a 24-word recovery phrase.
Previously, another Ledger user reported losing $2.5 million in Bitcoin and NFTs, despite claiming to have never leaked the seed phrase online. Ledger and the security firm believe the user was phished in February 2022.
The Ledger connector library codebase was breached in December 2023, allowing attackers to steal $484,000. Phishing scams are expected to increase during the holiday season.