Scammers use fake Ledger data breach emails to steal crypto
The post Scammers use fake Ledger data breach emails to steal crypto appeared on BitcoinEthereumNews.com.
A new phishing campaign is reportedly targeting Ledger hardware wallet users through fake data breach notification emails. Security researchers at BleepingComputer reported that scammers are sending users emails that appear to come from Ledger’s official support address. According to them, the message claims users must verify their recovery phrases due to a security breach. The scam reportedly began on December 15, 2024, and uses Amazon AWS infrastructure to appear legitimate.

These phishing attempts are designed to steal users’ 24-word recovery phrases, which would give attackers complete access to victims’ cryptocurrency funds. The campaign appears to be particularly effective because it exploits real concerns stemming from Ledger’s previous 2020 data breach, an episode in which customer information was actually exposed.

Crypto phishing campaign appears official

The fraudulent emails follow a careful pattern designed to appear official. They arrive with the subject line “Security Alert: Data Breach May Expose Your Recovery Phrase” and appear to come from “Ledger support@ledger.com.” However, investigators found that scammers are actually using the SendGrid email marketing platform to distribute these messages.

When users click the “Verify My Recovery Phrase” button in these emails, they are redirected through multiple stages. The first redirect leads to an Amazon AWS website at a suspicious URL: product-ledg.s3.us-west-1.amazonaws.com. From there, users are sent to a phishing site.

The phishing website shows clear technical capabilities. It includes a verification system that checks each entered word against the 2,048 valid words used in cryptocurrency recovery phrases. This real-time validation makes the site appear more legitimate to victims. The attackers also added another deceptive element: the site always claims the entered phrase is invalid, to encourage multiple attempts and probably to double-check that the attackers received the correct recovery words.
Additional versions of this scam have also been identified. Some emails claim to be firmware update…
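For defenders triaging reported mail, the mismatch described above (a ledger.com From address, a SendGrid sending path, and a button pointing at an S3 host) can be checked mechanically. The following is an added example, not code from the article or from BleepingComputer; the sample message is constructed, its Return-Path and Authentication-Results values are invented, and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

BRAND = "ledger.com"  # domain the message claims to be from

# Constructed sample. Subject, From and the S3 host are the ones quoted in the
# article; Return-Path and Authentication-Results values are invented.
SAMPLE = """\
Return-Path: <bounces@em0000.example.sendgrid.net>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=em0000.example.sendgrid.net; dmarc=fail header.from=ledger.com
From: Ledger <support@ledger.com>
Subject: Security Alert: Data Breach May Expose Your Recovery Phrase
Content-Type: text/html

<a href="https://product-ledg.s3.us-west-1.amazonaws.com/">Verify My Recovery Phrase</a>
"""

def under(host, domain):
    """True if host is domain or a subdomain of it (not a look-alike suffix)."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def addr_domain(header_value):
    """Domain part of the address in a From/Return-Path header ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2]

def triage(raw):
    """Return reasons the message's claimed brand identity is suspect."""
    msg = message_from_string(raw)
    if not under(addr_domain(msg["From"]), BRAND):
        return []  # message does not claim to be from the brand
    findings = []
    envelope = addr_domain(msg["Return-Path"])
    if envelope and not under(envelope, BRAND):
        findings.append(f"envelope sender domain {envelope} is outside {BRAND}")
    if not re.search(r"\bdmarc=pass\b", msg.get("Authentication-Results", ""), re.I):
        findings.append("no DMARC pass recorded for the From domain")
    body = "".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace")
                   for p in msg.walk() if not p.is_multipart())
    for url in re.findall(r'href=["\']([^"\']+)', body, re.I):
        host = urlparse(url).hostname or ""
        if host and not under(host, BRAND):
            findings.append(f"link host {host} is outside {BRAND}")
    return findings

if __name__ == "__main__":
    for reason in triage(SAMPLE):
        print("-", reason)
```

Only trust the Authentication-Results header written by your own receiving mail server; copies of that header added upstream can be forged.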
Filed under: News - @ December 18, 2024 11:30 am