Fake Data Breach Alerts Targeting Crypto Wallets
Ledger Users Beware: A sneaky new wave of phishing is targeting those who own Ledger hardware wallets. Scammers are sending out emails that look like they’re from Ledger’s support team, warning about a fake security breach that never happened!
The Scam’s Start Date
This scam kicked off on December 15, 2024, using Amazon’s AWS to make the emails seem legit. The big plan? To trick you into handing over your 24-word recovery phrase, which could let thieves steal all your crypto!
Why It’s So Convincing
This campaign is smart because it plays on the fears from Ledger’s actual data breach back in 2020. People remember that, so they’re more likely to trust these new emails.
Emails That Look Too Real
The emails come with a headline screaming, “Security Alert: Data Breach May Expose Your Recovery Phrase,” supposedly from “Ledger support@ledger.com (mailto:support@ledger.com).” But, surprise, they’re actually coming from a sneaky service called SendGrid.
Scam Email
The Phishing Journey
Click the “Verify My Recovery Phrase” button, and you’re on a wild ride. First, you hit an Amazon AWS URL, then you’re whisked away to a fake site that looks legit, thanks to its ability to check each word of your recovery phrase in real-time.
Screenshot taken of the actual scam website
Tricks to Fool You
This phishing site is clever; it always says your phrase is “invalid” to make you try again, just to make sure they’ve got it right. Plus, there are other versions of this scam pretending to be firmware updates, but they’re all after your precious phrase.
Ledger’s Response
Ledger’s fighting back with warnings. They’ve made it clear: they’ll never ask for your recovery phrase via email or any other way. Ever.
What Ledger Says to Do
- Be Cautious: Always type “ledger.com“ into your browser yourself instead of clicking from emails.
- Stay Alert: If you get an email from “Ledger” about a breach, think twice.
- Secure Your Phrase: Keep your recovery phrase offline, in a super-safe spot.
Source | Ledger’s actual website
What to Do If You’ve Been Hooked
If you’ve fallen for this, quick action is key! Move your crypto to a new wallet with a new phrase immediately. Consider your old wallet unsafe now.
Caution: Always do your own research (DYOR) before making any decisions. For trusted insights, check out blog.millionero.com. If you’re looking to trade, Millionero offers both spot and perpetual trading options. Stay secure, and happy trading!