Phishing attack on Ledger owners

Scammers have sent fake emails to Ledger wallet owners, posing as support representatives, claiming a data breach, and urging users to check their devices on a fraudulent website. The emails appear convincing as the sender's address resembles the official Ledger domain, but the campaign was conducted through an email marketing platform.

How does the scam work?

On the fake website, users encounter an interface almost indistinguishable from the original, with a pop-up window requesting private keys and seed phrases. These details grant scammers full access to the funds. The fraud involves not only emails but also the website, making the attack particularly dangerous.

Ledger’s response and attack consequences

Ledger commented on the situation, noting that attempts at online fraud are a constant threat that cannot be entirely eliminated.

The exact number of victims of this phishing attack has not yet been reported. However, such incidents are not uncommon: previously, a Ledger user reported losing 10 BTC, but the company denied liability, stating that the vulnerability was not their fault.

In December 2023, the company acknowledged that a software library used by decentralized applications had been compromised. This allowed a hacker to insert malicious code, leading to the theft of approximately $600,000.

How to protect your funds

To protect your funds, ignore suspicious emails and verify the sender's address. Use only the official website to access your wallet and never disclose private keys or seed phrases. Two-factor authentication adds an extra layer of security.