Ledger Users Could Be at Risk of A New Phishing Scam

News / 26.11.2020

Ledger wallet holders target of a new email phishing scam that seeks to steal funds from their wallets. The mail was sent to users whose data were compromised in the Ledger data security breach in July.

Phishing Scam Message Designed To Look Legitimate

At first glance, the e-mail might look legitimate as the email address used this time, “no-reply@legdersupport.com,” looks fairly similar to Ledger. It states that the wallet platform had fallen victim to a cyber attack. We’ve got a copy of this scam email, and here’s how it looks like:

Dear client,

We are sorry to inform you that Ledger has fallen victim to a cyber attack and that an unauthorized third party has illegally obtained confidential data belonging to approximately 81,000 customers.

You’re receiving this e-mail because the Ledger wallet associated with your e-mail address (client email) has been found within those affected by the breach.

To be more specific, on the 11th of November 2020, our forensics team members have detected malicious software installed on one of Ledger Live’s administrative servers.

Despite our relentless efforts, as of today, it’s technically impossible to make an accurate assessment of the severity of this data breach. Due to these circumstances, we must assume that your funds could be at immediate risk of theft.

If you’re receiving this e-mail, it’s because you’ve been affected by the breach. To protect your assets, please download the latest version of Ledger Liver and follow the instructions to set up a new PIN for your wallet.

Sincerely,

Ledger.

This phishing email scam is similar to previous scams that have been experienced by Ledger wallet users. Once the victim clicks on the link, they are referred to a page and told to recover their wallets. During the wallet recovery phase, cybercriminals can freely access and steal funds from victims.

Ledger Suffered Major Security Breach In July

Ledger revealed in July that it had suffered a security breach in its database. The breach was discovered when a cybersecurity researcher discovered a bug during a bounty program. The hackers had exploited the breach and gained access to the company’s marketing database. This database contained emails that were used to send order confirmations and promotional emails.

According to Ledger, the email addresses of approximately one million customers were affected. Since then, Ledger users have complained that their emails have been subjected to phishing scams. This latest phishing attack shows that the hackers are not relenting on using the information gotten to steal funds from unsuspecting Ledger users.

Olowoporoku Adeniyi is a blockchain enthusiast and crypto evangelist. Currently he loves all things crypto and covers happenings within the blockchain space.