Phishers spoofed Ledger’s email to send fake data breach notifications.
Wallet users have reported that phishers are spoofing the crypto hardware wallet vendor's support email to trick users into revealing their wallet keys.
The fake email claims Ledger has suffered a “recent data breach” and encourages recipients to verify their personal lineage, pretending they need to “protect” their assets, according to screenshots shared by X and a Dec. 17 report by BleepingComputer.
The email appears to be from a legitimate support email from Ledger, but BleepingComputer reports that it was sent through an email marketing platform.
Detailed information from Ledger cracked email with phishing links. Source: X
The email leads to a professionally-provided Ledger-branding website that pretends to be legitimate and allows visitors to “verify your ledger” that has been tampered with by the fake device.
The prompt will open a pop-up asking to enter the genealogy, a combination of words that, if shared, will allow the fraudsters to take full control of the wallet and withdraw the funds.
The seemingly legitimate site called Ledger asks visitors to enter a personal wallet passphrase.
Ledger responded to an X user who was concerned about the emails, saying, “Attempts to cheat are a bad part of life online and no one is completely free.”
“Ledger will never call, DM, or ask for your 24-word recovery phrase,” he wrote. “If someone does, it's cheating.”
It's unclear if any Ledger users fell victim to the phishing scam. Cointelegraph has contacted Ledger for comment.
The ordeal follows an incident on December 13 in which another Ledger user reported losing $2.5 million worth of Bitcoin (BTC) and intangible tokens, despite saying they never disclosed their lineage online.
However, Ledger and other blockchain security firms recently reported that the user was tricked into a phishing scam in February 2022 and funds were withdrawn.
RELATED: White Hat ‘SEAL' Team Defends Against Crypto Hacks Surpasses Over 900 Investigations
The code base of Ledger's connector library — a tool that enables Ledger users to access decentralized financial applications — was compromised in December 2023, allowing an attacker to extort $484,000 from victims.
With online transactions on the rise, phishing scams are expected to increase this coming holiday season, security analysts say.
Meta recently sent out a warning to its users, identifying several scam campaigns targeting holiday shoppers with fake Christmas gift box promotions, fraudulent holiday decor sales and retail coupons.
Crypto fraudsters may be looking to make up for lost ground this holiday season after phishing losses fell 53% to $9.3 million in November.
Magazine: ‘SEAL 911' White Hat Team Formed To Fight Crypto Hackers In Real Time
