'Convincing' Phishing Attack Targets Ledger Hardware Wallet Users

Ledger confirmed that for the last week some customers have been the target of a phishing attack.

Oct 27, 2020 at 8:13 p.m. UTC
Updated Sep 14, 2021 at 10:24 a.m. UTC

Customers of Ledger, the hardware cryptocurrency wallet, are being targeted by a phishing attack posing as an email from Ledger support. 

On Sunday a Reddit user posted in the r/ethfinance subreddit, alerting the group to the existence of the attack. 

The fake email ostensibly informs users their Ledger assets may be compromised. It states, “Our forensics team has found several of the Ledger Live administrative servers to be infected with malware.” This claim is false; while the email looks professional, it is a phishing attempt to steal customers' data.

The email is so convincing that even wary users might be fooled. Ledger confirmed that, for the last week, a phishing attack has been targeting Ledger cryptocurrency wallet customers. 

“I received the same email and for once I got really confused. Everything checks out,” said one Reddit user in reply to the original post. “However, there you can see that the url is incorrect (notice the dot on the second 'e' => ledgėr). What triggered my doubt was that I received the email twice within a couple of minutes. ... It's probably related to the previous hack where a hacker managed to get our email addresses.”

Another user replied, “Wow this looked really legit, so much so I used Contact Us form to ask Ledger if it was real. I am normally pretty good at sniffing things like this out – this was by far the most convincing attempt I have ever seen.”

Roots of a phishing attack

In July, the Ledger team discovered that an API key related to its e-commerce and marketing database had been exploited and the database accessed by an unauthorized third party. The database details (mostly email addresses) were used to send order confirmations and promotional emails.

In a blog post revealing the hack, the Ledger team emphasized that users' payment information and crypto funds are safe.

CoinDesk independently reviewed one of these phishing emails, which was sent from "support@legder.com." A key clue in any phishing email is a slight misspelling of a real address or URL; in this instance, “ledger.com” is misspelled. 
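The two lookalike tricks reported here, the transposed letters in "legder.com" and the dotted "ė" in "ledgėr", can both be checked mechanically against the genuine domain. The following Python sketch is an added example, not code from CoinDesk or Ledger; the function names, the ".com" suffix on the dotted variant and the sample addresses are assumptions constructed for illustration.

```python
import unicodedata

TRUSTED = ("ledger.com",)  # the genuine domain named in the article

def fold(domain):
    """Decode punycode labels, then strip diacritics (e.g. U+0117 -> 'e')."""
    labels = []
    for label in domain.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except (UnicodeError, ValueError):
                pass  # leave an undecodable label as it is
        labels.append(label)
    decomposed = unicodedata.normalize("NFKD", ".".join(labels))
    # Limitation: cross-script lookalikes (e.g. Cyrillic letters) are not mapped.
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def osa_distance(a, b):
    """Edit distance where swapping two adjacent characters costs 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]

def classify_sender(address, trusted=TRUSTED, max_edits=1):
    """Return 'trusted', 'homoglyph', 'typo' or 'no-match' for a sender address."""
    domain = address.rsplit("@", 1)[-1].lower().rstrip(".")
    if domain in trusted:
        return "trusted"
    folded = fold(domain)
    for good in trusted:
        if folded == good:
            return "homoglyph"  # differs only by accents or IDN encoding
        if osa_distance(folded, good) <= max_edits:
            return "typo"       # one insertion, deletion, substitution or swap
    return "no-match"

# Constructed samples: the sender quoted in the article plus illustrative variants.
SAMPLES = ["support@ledger.com", "support@legder.com",
           "support@ledg\u0117r.com", "news@example.org"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", classify_sender(sample))
```

A "no-match" result only means the domain is not a near-copy of a trusted one; it says nothing about whether the message is legitimate.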

Pro tip: Bookmark verified sites where you normally would input sensitive information and only access them through that bookmarked link.

Phishing attacks are common and attackers are increasingly sophisticated, creating emails that resemble official company correspondence. They rely on a person making a mistake and clicking on a link that could compromise his or her security. 

In a statement, a Ledger spokesperson said an internal task force has been deployed to investigate the latest phishing attack. 

“The investigation is ongoing and at this time we cannot give any additional information but one thing is for certain: Ledger will never ask you for your 24-word recovery phrase, which is a blatant sign of a phishing scam,” said the spokesperson. “Ledger encourages customers to exercise caution as phishing attacks become more sophisticated and to alert Ledger's customer support team and consult Ledger.com for more information on the detection of scams.”

UPDATE (November 2, 2020, 17:46 UTC): Multiple Ledger users have shared that they are also being targeted by SMS phishing attacks, sent to their phones. CoinDesk has seen three separate examples of this phishing text below.

An example of a phishing text sent to a Ledger customer.

This is a phishing attempt and customers should not click on the link. The development further highlights customers' concerns about how data stemming from the Ledger hack earlier this year is being used.

UPDATE (November 2, 2020, 19:56 UTC): Ledger responded with the following comment:
"As soon as we discovered the data breach on Ledger's website in July 2020, we immediately patched it. Since then, we led two penetration tests with a third-party consultancy to verify and improve the security of our clients' data. For two weeks, some of Ledger's customers have been experiencing continuous phishing scams through various channels, including email and SMS. We've issued several scam alerts through our Twitter, email, and other channels to notify our users during the past two weeks.

The internal task force is investigating these attacks, and as of now, we can't state that scammers are using Ledger's marketing database, and therefore, these attacks resulted from July's data breach."
