Updated 19 December
Ledger Users Face Phishing Scam Targeting Recovery Phrases
Ledger users are facing a sophisticated phishing scam where attackers impersonate official communications to steal recovery phrases. These deceptive emails prompt users to verify their recovery phrases on a fraudulent website, granting scammers access to cryptocurrency wallets. The increase in holiday transactions heightens the urgency of this threat.
Phishing Campaign Details
The campaign, reported by Bleeping Computer, starts with emails titled “Security Alert: Data Breach May Expose Your Recovery Phrase.” These messages claim that a Ledger data breach risks user recovery phrases and direct recipients to a fake Ledger-branded website hosted on Amazon Web Services. The site mimics Ledger’s legitimate platform and prompts users to enter their recovery phrases for a "security check." Regardless of the input, the site falsely asserts that phrases are invalid, encouraging repeated attempts until scammers obtain accurate information.
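The lure described above pairs a recovery-phrase prompt with a link that leaves the vendor's own domain. As an added example (not code from Ledger or from the original report), this Python function triages raw emails on those two signals; the `ledger.com` allowlist, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Assumption: official vendor domain(s); maintain your own allowlist.
OFFICIAL_DOMAINS = {"ledger.com"}
# Lure wording taken from the campaign's subject line and the vendor's policy text.
LURE = re.compile(r"recovery\s+phrase|seed\s+phrase|24[- ]word", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def is_official(host):
    """True only for an allowlisted domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def text_of(msg):
    """Concatenate the text parts of a (possibly multipart) message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    return "\n".join(p.get_payload() for p in parts
                     if p.get_content_type().startswith("text/"))

def triage(raw):
    """Return (flagged, reasons) for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    body = text_of(msg)
    lure = bool(LURE.search(msg.get("Subject", "")) or LURE.search(body))
    reasons = []
    for url in URL.findall(body):
        host = (urlparse(url.rstrip(".,)")).hostname or "").rstrip(".")
        if not is_official(host):
            note = " (AWS-hosted)" if host.endswith(".amazonaws.com") else ""
            reasons.append(f"off-domain link: {host}{note}")
    # Flag only when the recovery-phrase theme and an off-domain link co-occur.
    return lure and bool(reasons), reasons

# Constructed sample messages (not real campaign artifacts).
PHISH = ("From: Support <support@mail.example>\n"
         "Subject: Security Alert: Data Breach May Expose Your Recovery Phrase\n\n"
         "Verify now: https://example-bucket.s3.amazonaws.com/index.html\n")
LOOKALIKE = ("Subject: Action required\n\n"
             "Confirm your 24-word phrase at https://ledger.com.verify.example/check\n")
NOTICE = ("Subject: Reminder\n\n"
          "We never ask for your recovery phrase. See https://www.ledger.com/\n")

if __name__ == "__main__":
    for name, raw in [("PHISH", PHISH), ("LOOKALIKE", LOOKALIKE), ("NOTICE", NOTICE)]:
        print(name, triage(raw))
```

The suffix match on the allowlist is what keeps a lookalike host that merely begins with the official domain from passing as official.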
Consequences of the Scam
Once attackers acquire recovery phrases, they gain full control of wallets, enabling them to drain funds and seize digital assets. This incident underscores the heightened risk of phishing during the holiday season when online activity increases and vigilance may decrease.
Ledger's Response
Ledger has not confirmed any new data breach but reiterated its policy: “Ledger will never ask for your 24-word recovery phrase. If someone does, it’s a scam.” The company previously faced phishing issues after a 2020 breach that exposed customer information, leading to targeted scams. A December 2023 incident involving Ledger’s connector library resulted in nearly $500,000 in losses, further eroding user trust.
Current Fraud Trends
Phishing-related losses in crypto decreased by 53% in November 2024, to $9.3 million. However, this recent attack indicates that scammers are refining their tactics. Security experts advise crypto investors to remain cautious and take proactive steps to protect their wallets, particularly during high-risk periods like the holidays. Ultimately, the responsibility for safeguarding digital assets falls on individuals.