Ledger Wallet Users Face Increased Phishing Scams During Holiday Season

The cryptocurrency hardware wallet Ledger is experiencing a resurgence of phishing scams. Cybercriminals are sending fake emails that imitate official communications to trick users into revealing their recovery phrases.

Recent reports indicate these scams have intensified due to increased security concerns and a rise in crypto transactions during the holiday season. Bleeping Computer reported that the phishing campaign poses as a data breach notification, urging users to verify their recovery phrases, which are then stolen to access their cryptocurrency.

A new Ledger phishing campaign is underway that pretends to be a data breach notification. It asks you to verify your recovery phrase, which is then stolen and used to steal your cryptocurrency.

Phishing emails claim a "Security Alert: Data Breach May Expose Your Recovery Phrase" and are crafted using the SendGrid email marketing platform. They falsely assert a recent data breach at Ledger and encourage recipients to verify their recovery phrases via a purported "secure verification tool."

Victims are directed to a convincing fake Ledger-branded website hosted on Amazon Web Services. Users are led to the fraudulent domain ledger-recovery[.]info, registered on December 15, 2024, where they are prompted to perform a "security check" by entering their recovery phrases.

The scammers validate inputs against a list of 2,048 commonly used recovery phrase terms. Regardless of user input, the site falsely indicates the phrase is invalid, prompting repeated submissions to collect accurate data. Once the correct recovery phrase is obtained, attackers gain full access to the victim's wallet.

Ledger Advises Caution

In response to the phishing attacks, Ledger urged users to remain vigilant. On the X platform, the company stated:

Ledger will never call, DM, or ask for your 24-word recovery phrase. If someone does, it’s a scam. Stay cautious and keep your crypto safe.

Ledger acknowledged that such scams are a recurring issue in the digital space, with periodic attacks on users since 2020. The increase in online activity during the holiday season has contributed to a rise in phishing attacks, with security experts warning that fraud is likely to escalate as scammers exploit the surge in crypto transactions.