Thursday, December 19, 2024

New fake Ledger data breach emails attempt to steal crypto wallets



A new Ledger phishing campaign is underway that pretends to be a data breach notification asking you to confirm your recovery phrase, which is then stolen and used to steal your cryptocurrency.

Ledger is a hardware cryptocurrency wallet that allows you to store, manage, and sell cryptocurrency. The funds in these wallets are secured using 24-word recovery phrases or 12 and 18-word phrases generated by other wallets.

Anyone who knows your Ledger recovery phrase can use it to access the funds within the wallet. Therefore, recovery phrases must always be kept offline and never shared with anyone to prevent cryptocurrency funds from being stolen.

Fake data breach notifications

Ledger has long been a target of phishing campaigns that attempt to steal users’ recovery phrases or push fake Ledger Live software to steal information. These campaigns became significantly worse after Ledger suffered a data breach in 2020 that exposed its customers’ names, addresses, phone numbers, and email addresses.

However, over the past few days, several people have notified BleepingComputer or shared on X that they received a Ledger phishing email that pretends to be a new data breach notification.

The phishing emails have the subject of “Safety Alert: Data Breach Could Expose Your Recovery Phrase” and appear to be from “Ledger

The phishing emails claim that Ledger suffered a data breach and that some recovery phrases have been exposed. The email then goes on to say that the user must verify their recovery phrase on Ledger’s official verification page.


“We regret to inform you that a recent data breach has affected our service. While your Ledger wallet remains secure, there is a chance that recovery phrases (also known as “seed phrases”) linked to certain accounts have been exposed,” reads the phishing email.


“To safeguard your assets, we strongly encourage you to verify the security of your recovery phrase through our secure verification tool.”


Phishing email about a fake Ledger data breach
Source: BleepingComputer


Clicking the “Confirm My Recovery Phrase” button brings you to an Amazon AWS site at “https://product-ledg.s3.us-west-1.amazonaws[.]com/get well.html” that then redirects users to a phishing page at “ledger-recovery[.]data”.


The ledger-recovery[.]data domain was registered on December 15th, 2024.
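A mail-triage check for the pattern described above (a message claiming to be from Ledger, mentioning the recovery phrase, and linking to generic object storage or another non-Ledger host), as an added example that is not part of the original article. The `TRUSTED` allowlist, the reason labels, and the sample message with its sender and bucket names are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ("ledger.com",)      # assumption: accepted genuine link targets
STORAGE = ("amazonaws.com",)   # generic object storage, as in the first hop
LURE_TERMS = ("recovery phrase", "seed phrase")
# Constructed sample message; sender and bucket names are made up.
SAMPLE = """\
From: "Ledger" <notice@mailer.example>
Subject: Data breach may expose your recovery phrase
Content-Type: text/html

<a href="https://constructed-bucket.s3.amazonaws.com/p.html">Verify your phrase</a>
"""

class LinkHosts(HTMLParser):  # collects hostnames of <a href> targets
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        host = urlsplit(href).hostname if tag == "a" and href else None
        if host:
            self.hosts.append(host.lower())

def under(host, suffixes):
    return any(host == s or host.endswith("." + s) for s in suffixes)

def triage(raw_email):
    """Return the reasons a message resembles the lure described above."""
    msg = message_from_string(raw_email)
    display, addr = parseaddr(msg.get("From", ""))
    body = " ".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace")
                    for p in msg.walk() if not p.is_multipart())
    claims_ledger = "ledger" in display.lower()
    reasons = []
    if claims_ledger and not under(addr.rpartition("@")[2].lower(), TRUSTED):
        reasons.append("display-name-mismatch")
    if any(t in (msg.get("Subject", "") + " " + body).lower() for t in LURE_TERMS):
        reasons.append("asks-about-recovery-phrase")
    parser = LinkHosts()
    parser.feed(body)
    for host in parser.hosts:
        if under(host, STORAGE):
            reasons.append("link-to-object-storage:" + host)
        elif claims_ledger and not under(host, TRUSTED):
            reasons.append("link-off-brand:" + host)
    return reasons
```

The suffix match in `under()` compares whole DNS labels, so a host such as `ledger.com.evil.example` is not treated as trusted.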


This site pretends to be a Ledger site that asks you to perform a security check to see if your recovery phrase is compromised, as shown below.


Fake Ledger site
Source: BleepingComputer


Clicking the “Confirm your Ledger now” button brings up another page asking you to enter your 12, 18, or 24-word Ledger recovery phrase.


Phishing page attempting to steal recovery phrase
Source: BleepingComputer


As you enter each word, the phishing page checks whether it is one of the 2,048 valid words that can be entered as part of a recovery phrase. If a word not on the list is entered, it is shown with a line through it.


As you enter each word, the phishing page sends all of the entered recovery phrase words to the site’s backend to store them on the server.


BleepingComputer was told that no matter what recovery phrase you enter, the page will always state that it was invalid. It is believed this is done so that targets enter the phrase multiple times, allowing the phishing page to verify that the correct words are being entered.


Other people have also shared other Ledger phishing emails sent out recently, including one that pretends to be a new firmware update. It, too, attempts to steal users’ recovery phrases.


Armed with the recovery phrase, the attackers can gain full access to your cryptocurrency funds and steal them.


What should Ledger owners do?


First, never enter your recovery phrase or secret passphrase in any app or website. Recovery phrases should only be entered directly on the Ledger device you are trying to recover.


As it is easy to create lookalike domains that impersonate legitimate sites, when it comes to cryptocurrency and financial assets, always type the domain you are trying to reach into your browser rather than relying on links in emails. This way, you will reach ledger.com rather than a site impersonating it.


Finally, disregard any emails claiming to be from Ledger stating that you were affected by a recent data breach or asking you to verify your recovery phrase.


Ledger will never ask you for your recovery phrase, and as previously said, it should never be shared with anyone else.
