BPOI Banner
SEC Cracks Down on Crypto Fraud: Two Brothers Accused of $61.5 Million Scam SEC Cracks Down on Crypto Fraud: Two Brothers Accused of $61.5 Million Scam

Ledger Phishing Scams Surge During Holiday Online Activity Boom

Popular hardware cryptocurrency wallet Ledger is the latest target of a new wave of phishing scams after perpetrators spoofed official-looking emails to trick victims into revealing their recovery phrases.

These attacks exploit concerns about security and the upcoming holiday season’s surge in online transactions, highlighting the ongoing risks facing crypto investors.

Exploiters Spoof Ledger Emails

Technology news and computer help website Bleeping Computer reported that phishing campaigns begin with emails designed to look like official Ledger communications.

“A new Ledger phishing campaign is underway that pretends to be a data breach notification. It asks you to verify your recovery phrase, which is then stolen and used to steal your cryptocurrency,” an excerpt in the report read.

The emails are complete with the subject line: “Security Alert: Data Breach May Expose Your Recovery Phrase.” Sent through the SendGrid email-marketing platform, the messages falsely claim that Ledger has suffered a recent data breach, potentially exposing recovery phrases. With this, the email urged recipients to verify their phrases using a “secure verification tool.”

Per the report, the emails direct users to a convincing Ledger-branded website hosted on Amazon Web Services. The website then redirects to a domain — ledger-recovery[.]info — registered on December 15, 2024. The site mimics Ledger’s legitimate platform, complete with a prompt to perform a “security check” by entering the wallet’s recovery phrase.

This prompt is highly deceptive. It validates entered words against a list of 2,048 recognized terms used in recovery phrases. Regardless of the input, the site claims the phrase is invalid, encouraging users to re-enter their details and ensuring the scammers collect accurate data.

Armed with this information, attackers gain full control over victims’ wallets. This allows them to drain cryptocurrency holdings and steal other digital assets.

Ledger’s Response after a History of Exploitation

Ledger did not confirm or deny the existence of any new data breaches. Nevertheless, in a statement on X (formerly Twitter), the company reiterated its longstanding advice.

“Ledger will never call, DM, or ask for your 24-word recovery phrase. If someone does, it’s a scam,” the statement read.

The company also addressed concerns raised by users who reported receiving such emails. While acknowledging that phishing scams are an unfortunate part of the digital space, Ledger emphasized the importance of maintaining proper security hygiene.

Meanwhile, Ledger users have been frequent targets of phishing campaigns, particularly after a 2020 data breach exposed sensitive customer information. While the breach did not compromise wallets directly, the stolen data has been used to orchestrate highly personalized phishing attempts.

In December 2023, the company faced another security issue when its connector library was compromised, leading to $484,000 in losses. These recurring incidents reflect scammers’ persistent efforts to exploit Ledger’s popularity and users’ trust in the brand.

“For a company, we’re all forced to trust for custody of our assets, this is not a good look,” one user remarked.

Of note is that the holiday season typically sees a spike in online activity, creating a fertile environment for phishing scams. Security analysts warn that crypto-related fraud is likely to escalate as scammers seek to capitalize on increased transactions and the general distraction of the holidays.

“The holiday season means more online shopping. And that’s why it’s a scammer’s favorite time of year,” one user on X shared.

Elsewhere, crypto scams specifically have seen fluctuating success in recent months. Losses from phishing schemes fell by 53% in November 2024, totaling $9.3 million. However, this latest campaign suggests that scammers are redoubling their efforts.

Crypto investors should take every measure to secure their wallets, recognizing that the responsibility for safeguarding digital assets ultimately lies with the individual.

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and ConditionsPrivacy Policy, and Disclaimers have been updated.

Source link

Lockridge Okoth

https://beincrypto.com/ledger-users-targeted-in-phishing-scam/

2024-12-18 07:44:01

bitcoin
Bitcoin (BTC) $ 96,230.78 3.21%
ethereum
Ethereum (ETH) $ 3,329.41 5.87%
tether
Tether (USDT) $ 0.999216 0.02%
xrp
XRP (XRP) $ 2.22 6.09%
bnb
BNB (BNB) $ 657.54 4.91%
solana
Solana (SOL) $ 183.58 8.46%
dogecoin
Dogecoin (DOGE) $ 0.31287 9.79%
usd-coin
USDC (USDC) $ 1.00 0.09%
staked-ether
Lido Staked Ether (STETH) $ 3,321.95 5.93%
cardano
Cardano (ADA) $ 0.889473 10.46%
tron
TRON (TRX) $ 0.245059 3.98%
avalanche-2
Avalanche (AVAX) $ 37.53 10.91%
wrapped-steth
Wrapped stETH (WSTETH) $ 3,945.34 6.17%
chainlink
Chainlink (LINK) $ 21.99 11.21%
the-open-network
Toncoin (TON) $ 5.31 5.92%
sui
Sui (SUI) $ 4.45 7.52%
wrapped-bitcoin
Wrapped Bitcoin (WBTC) $ 95,870.69 3.29%
shiba-inu
Shiba Inu (SHIB) $ 0.000021 10.41%
hyperliquid
Hyperliquid (HYPE) $ 32.97 4.79%
stellar
Stellar (XLM) $ 0.354135 8.73%
polkadot
Polkadot (DOT) $ 6.95 10.39%
hedera-hashgraph
Hedera (HBAR) $ 0.252121 10.16%
weth
WETH (WETH) $ 3,329.70 5.93%
bitcoin-cash
Bitcoin Cash (BCH) $ 449.98 4.50%
leo-token
LEO Token (LEO) $ 9.30 0.59%
uniswap
Uniswap (UNI) $ 13.52 7.40%
litecoin
Litecoin (LTC) $ 99.84 5.28%
pepe
Pepe (PEPE) $ 0.000017 11.54%
wrapped-eeth
Wrapped eETH (WEETH) $ 3,513.22 5.79%
near
NEAR Protocol (NEAR) $ 4.97 11.68%
ethena-usde
Ethena USDe (USDE) $ 0.999654 0.07%
bitget-token
Bitget Token (BGB) $ 4.13 10.87%
usds
USDS (USDS) $ 0.997096 0.34%
aptos
Aptos (APT) $ 9.40 15.81%
internet-computer
Internet Computer (ICP) $ 9.96 11.71%
aave
Aave (AAVE) $ 296.14 13.19%
crypto-com-chain
Cronos (CRO) $ 0.155513 8.71%
polygon-ecosystem-token
POL (ex-MATIC) (POL) $ 0.473172 9.21%
ethereum-classic
Ethereum Classic (ETC) $ 25.91 8.73%
mantle
Mantle (MNT) $ 1.13 13.71%
render-token
Render (RENDER) $ 7.09 11.36%
vechain
VeChain (VET) $ 0.045021 11.09%
monero
Monero (XMR) $ 189.95 0.55%
whitebit
WhiteBIT Coin (WBT) $ 24.31 1.28%
mantra-dao
MANTRA (OM) $ 3.64 6.69%
dai
Dai (DAI) $ 1.00 0.10%
bittensor
Bittensor (TAO) $ 454.98 9.52%
fetch-ai
Artificial Superintelligence Alliance (FET) $ 1.26 11.20%
arbitrum
Arbitrum (ARB) $ 0.743494 11.51%
ethena
Ethena (ENA) $ 1.02 13.67%