Ledger users are dealing with a clever phishing scam that takes advantage of the busy holiday season online. Scammers are pretending to be official Ledger messages to steal users’ recovery phrases, which are important for accessing crypto wallets.
A phishing campaign, noted by Bleeping Computer, starts with emails called “Security Alert: Data Breach May Expose Your Recovery Phrase.” These messages wrongly say that a data breach has put users’ recovery phrases at risk, leading them to a fake Ledger website that looks real, hosted on Amazon Web Services.
When users go to the fake site, they are asked to do a “security check” by typing in their recovery phrases. The site incorrectly confirms these phrases, no matter if they are right or wrong, pushing users to keep attempting until they accidentally give the right information. When scammers get these recovery phrases, they can take over the victims’ wallets, causing big financial losses.
Ledger has not confirmed a new data breach, but the company has stated that it will never ask users for their 24-word recovery phrases. This warning follows earlier phishing incidents, especially after a 2020 breach that revealed customer data. In December 2023, there was an incident where Ledger’s connector library was exploited, leading to significant financial losses.
Phishing losses in the cryptocurrency sector dropped by 53% in November 2024, but this new scam shows that attackers are changing their methods. Security experts stress that crypto investors must stay alert, particularly during risky times like the holidays. In the end, it’s up to each person to protect their digital assets, highlighting the importance of taking steps to avoid scams.
