Image default
FeaturedNews

Massive Fraud Alert: Fake Ledger Emails Target Cryptocurrency Wallets

 

A new phishing campaign is preying on users of Ledger, the well-known cryptocurrency wallet, through fraudulent emails designed to steal recovery phrases. These emails falsely claim that Ledger has experienced a data breach and urge users to verify their recovery phrase via a fake security tool. 

The phishing emails, with the subject line “Security Alert: Data Breach May Expose Your Recovery Phrase” are sent via the SendGrid platform and direct users to a malicious website. The phishing site mimics Ledger’s official interface, redirecting users to the domain “ledger-recovery[.]info” registered on December 15, 2024. 

A lo of Fake Ledger Emails were sent

How Scammers Operate

The fraudulent website prompts users to perform a “security check” by entering their recovery phrase. It cross-references each inputted word with the 2,048 valid terms used in legitimate recovery phrases. If an incorrect word is entered, the site flags it, pushing users to re-enter their information. This process allows scammers to confirm the accuracy of the recovery phrase, granting them full access to the victim’s wallet.  

Once the scammers obtain the recovery phrase, they can transfer all cryptocurrency funds out of the wallet, leaving the victim with no recourse. This technique is particularly deceptive because it exploits users’ fear of losing access to their accounts, especially during the holiday season when online activity surges.  

Background and Security Measures

Ledger addressed the scam on X (formerly Twitter), reiterating:  

“Ledger will NEVER ask for your 24-word recovery phrase. If someone does, it’s a scam.” 

This campaign is part of an ongoing wave of phishing attacks that intensified after Ledger’s 2020 data breach. While the breach didn’t compromise wallets directly, it exposed customer names, emails, and phone numbers, making personalized scams more effective. Additionally, in December 2023, a compromised Ledger library led to $484,000 in stolen funds. 

To protect yourself, never enter your recovery phrase online or click links in unsolicited emails. Recovery phrases should only be used directly on Ledger devices. Always manually type “ledger.com” into your browser to avoid fraudulent sites. 

During high-risk periods like the holiday season, scammers ramp up their efforts to exploit unsuspecting victims. 

Ultimately, protecting your cryptocurrency depends on staying vigilant.

Related posts

BlockFi Seeks Court Approval to Convert Users’ Crypto Assets into Stablecoins

jose

Fetch.ai Founder Addresses Controversy Surrounding ASI Token Merger

Guido Battigelli

RNDR’s Impressive Performance According to Santiment

jose

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More