Phishing Campaign Targets Ledger Wallet Holders

Ledger wallet holders are the target of a new SMS and email phishing campaign. The scammers refer to a fake site using the image of Ledger to steal funds from their targets.

The information comes to us from blogger Manuel Dorne , better known under the pseudonym Korben , who personally received the fraudulent SMS last night:

Ledger SMS phishing

The Bitcoin Pro app proves at first glance quite legitimate, it integrating the name and first name of the recipient, that only Ledger is supposed to know. The message invites the holder of a wallet to go to a fake site, called “ Ledger Report ”, a domain name which refers to another rather suspicious “ Lėdgė ”.

There is all the subtlety, the domain name does not use the letter ” e ” like Ledger, but rather a ” ė ” point above. So, the scam site looks a lot like an official Ledger page, but it isn’t .

Once on the site, the method used by this scam is rather unhealthy. Indeed, this fake page indicates that several customers have been victims of theft of their funds, and that they must therefore add a new passphrase to their wallet.

Then, if a trapped person fills in the recovery phrase from their wallet, crooks can freely access and steal the funds.

Ledger quickly confirmed on Twitter the existence of this scam:

“According to our information, some crooks come into contact with Ledger users through text messages and emails. Never give out the 24 words of your recovery phrase. Ledger will never ask you for them. ”

A data breach involved?

Remember, last June Ledger was the target of a massive hack . A hacker had successfully exploited a security hole in order to gain access to the company’s marketing database.

The attacker had thus stolen the email addresses of approximately one million customers . In addition, for 9,500 of the affected customers , information such as last name, first name, postal address, telephone number or products ordered were also stolen.

The link can therefore quickly be made between this phishing campaign and this data leak, the attacker using the information retrieved from this leak to target Ledger wallet holders.

When user RickV3D asks if the scammers got the phone numbers since the data breach , Ledger denied it:

“For some reasons, we can’t explain in more detail so far. There does not appear to be a link to our July e-commerce database leak. “