December 18, 2024
Popular cryptocurrency wallet Ledger has become the latest target of a new wave of scams after perpetrators forged official-looking emails to trick victims into revealing their recovery phrases.
These attacks exploit concerns about security and the surge in online transactions during the upcoming holiday season, highlighting the ongoing risks facing cryptocurrency investors.
Scammers Fake Ledger Emails
Technology news and computer help site Bleeping Computer reported that the phishing campaign begins with emails designed to look like official communications from Ledger.
“A new phishing campaign from Ledger is underway posing as a data breach notification. It asks you to verify your recovery phrase, which is then stolen and used to steal your crypto,” an excerpt from the report reads.
The emails carry the subject line “Security Alert: Data Breach Could Reveal Your Recovery Phrase.” Sent via the email marketing platform SendGrid, they falsely claim that Ledger has suffered a recent data breach that could expose recovery phrases. The email then urges recipients to verify their phrases using a “secure verification tool.”
According to the report, the emails direct users to a Ledger-branded website hosted on Amazon Web Services. The site then redirects to a domain — ledger-recovery[.]info — registered on December 15, 2024. The site mimics the legitimate Ledger platform, complete with a prompt to perform a “security check” by entering a wallet recovery phrase.
This “security check” is highly deceptive. The site checks each entered word against the list of 2,048 recognized words used in recovery phrases. Regardless of the input, the site then claims the phrase is invalid, encouraging users to re-enter their details and ensuring that scammers collect accurate data.
Armed with this information, attackers gain complete control over victims’ wallets, allowing them to drain cryptocurrency holdings and steal other digital assets.
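The traits reported above (a Ledger display name on a non-Ledger sending domain, a request to verify the recovery phrase, and links that leave the vendor's domain) can be checked mechanically at the mail gateway. The following Python triage function is an added example, not code from Ledger or Bleeping Computer; it assumes ledger.com is the only trusted domain, and both sample messages and their .example hosts are constructed.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

BRAND = "ledger"
TRUSTED = {"ledger.com"}  # assumption: the vendor's only legitimate domain
SEED_ASK = re.compile(r"\b(verify|validate|confirm|enter)\b.{0,80}\b(recovery|seed)\s+phrase", re.I | re.S)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def registrable(host):
    # Crude last-two-labels heuristic; production code should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def triage(raw):
    """Return the set of phishing indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain", "html"))
    text = f"{msg['Subject'] or ''}\n{part.get_content() if part else ''}"
    hits = set()
    name, addr = parseaddr(str(msg["From"] or ""))
    if BRAND in name.lower() and registrable(addr.rpartition("@")[2]) not in TRUSTED:
        hits.add("brand-name-from-untrusted-domain")
    if SEED_ASK.search(text):
        hits.add("asks-for-recovery-phrase")
    for url in URL.findall(text):
        host = urlparse(url).hostname or ""
        if registrable(host) not in TRUSTED:
            # Brand string inside a foreign domain is a lookalike; otherwise just off-brand.
            hits.add("lookalike-link" if BRAND in host else "off-brand-link")
    return hits

# Constructed sample messages (not taken from the real campaign).
PHISH = """\
From: Ledger Support <notice@mailer.example>
Subject: Security Alert: Data Breach Could Reveal Your Recovery Phrase

Please verify your recovery phrase with our secure verification tool:
https://bucket.storage.example/ledger/index.html
https://ledger-recovery.example/check
"""
BENIGN = """\
From: Ledger <news@ledger.com>
Subject: Firmware update available

Release notes: https://www.ledger.com/blog
"""

if __name__ == "__main__":
    print(sorted(triage(PHISH)), sorted(triage(BENIGN)))
```

Any message that trips "asks-for-recovery-phrase" deserves quarantine on its own, since the vendor states it never requests the phrase.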
Ledger has neither confirmed nor denied any new data breaches. However, in a statement on X (formerly Twitter), the company reiterated its long-standing advice.
“Ledger will never ask you via call, direct message, or ask you for your 24-word recovery phrase. If someone does that, it’s a scam,” the statement read.
The company also addressed concerns raised by users who reported receiving such emails. While acknowledging that phishing scams are an unfortunate part of the digital space, Ledger stressed the importance of maintaining proper security hygiene.
Meanwhile, Ledger users have been frequent targets of phishing campaigns, especially after a 2020 data breach that exposed sensitive customer information. While the breach did not directly impact wallets, the stolen data was used to orchestrate highly customized phishing attempts.
In December 2023, the company faced another security issue when its connector library was hacked, resulting in losses of $484,000. These repeated incidents reflect the ongoing efforts of fraudsters to exploit Ledger’s popularity and users’ trust in the brand.
“For a company we are all forced to trust to hold our assets safe, this is not a good look,” said one user.
The holiday season typically sees a surge in online activity, creating a fertile environment for phishing scams. Security analysts warn that cryptocurrency fraud is likely to increase as scammers seek to capitalize on increased transactions and public distraction during the holidays.
One user shared on X: “The holiday season means more online shopping. Which is why it’s a favorite time of year for scammers.”
Elsewhere, cryptocurrency scams have seen mixed success in recent months. Losses from phishing schemes fell 53% in November 2024, to $9.3 million. However, this latest campaign suggests that scammers are ramping up their efforts again.
Cryptocurrency investors should take every measure to secure their wallets, recognizing that the responsibility for protecting digital assets ultimately lies with the individual.