Ledger users have become the latest targets of a sophisticated phishing scam, as scammers impersonate official Ledger communications to steal recovery phrases. These fake emails, crafted to appear legitimate, urge users to verify their recovery phrases on a fraudulent website, granting attackers full access to victims’ cryptocurrency wallets. The surge in holiday transactions adds urgency to the ongoing threat of crypto scams.
The phishing campaign, detailed by tech news outlet Bleeping Computer, begins with deceptive emails titled “Security Alert: Data Breach May Expose Your Recovery Phrase.” These emails claim that a recent Ledger data breach may have put users’ recovery phrases at risk and direct recipients to a fake Ledger-branded website. Hosted on Amazon Web Services, the site appears professional and mimics Ledger’s legitimate platform. Users are prompted to conduct a "security check" by entering their recovery phrases, which are then validated against a recognized word list. Regardless of input, the site falsely claims phrases are invalid, encouraging users to try again, ensuring scammers obtain accurate information.
Once attackers have the recovery phrases, they can take full control of wallets, draining funds and seizing other digital assets. This scam highlights the dangers of phishing during the holiday season, a time when online activity spikes, and vigilance is often lowered.
Ledger has not confirmed a new data breach but reminded users of its long-standing policy: “Ledger will never ask for your 24-word recovery phrase. If someone does, it’s a scam.” The company has faced phishing issues before, especially after a 2020 breach that exposed customer information, leading to targeted phishing campaigns. Another incident in December 2023 saw Ledger’s connector library exploited, resulting in nearly $500,000 in losses. These recurring events have eroded trust among some users, with one remarking, “For a company we trust to safeguard our assets, this is not reassuring.”
Crypto fraud has fluctuated recently, with phishing-related losses dropping by 53% in November 2024 to $9.3 million. However, this latest attack suggests scammers are refining their tactics. Security experts warn that crypto investors must remain cautious and take proactive measures to protect their wallets, especially during high-risk periods like the holidays. Ultimately, safeguarding digital assets is the individual’s responsibility.