Cryptoverse Warns: Protect Your Bitcoin From Fake Ledger Apps
A number of people on social media sites have been reporting receiving or knowing people who have received phishing emails, pretending to be from France-based major hardware wallet manufacturer Ledger and attempting to steal people's crypto. Some have reportedly lost all bitcoin (BTC) held in their wallets.
As reported, Ledger announced this summer that it had suffered a data breach, with a “third party” accessing at least 1 million of its users’ contact details. Scammers seem to continue to utilize the gathered information for their own financial gains, alerting users of imminent danger to their crypto, directing them to a fake application, a Ledger clone, and attempting to get their seed phrase.
Another round of Ledger phishing texts is making the rounds. This time it says your hardware wallet is "disabled" because of KYC regulations LOL— Andreas ☮ 🌈 ⚛ ⚖ 🌐 📡 📖 📹 🔑 🛩 (@aantonop) December 6, 2020
Don't click on the links, don't ever enter your mnemonic seed anywhere other than the Ledger device itself, directly.
Redditor 'bsteinfeld' said that they got an email stating it's from Ledger and informing them of a data breach that affected confidential information of some 115,000 customers. The email instructed the user to install the latest version of Ledger Live, after which they reportedly put their recovery phrase into a fake desktop app and losing their money.
Magic Internet Money Podcast host Brad Mills tweeted of a Bitcoiner who reportedly lost his entire USD 50,000 life savings through this scam. "Being your own bank means being ever-vigilant against social engineering hacks," he said.
Bitcoin developer Matt Odell also posted of a person who "lost everything. Complete devastation" due to these "convincing" scammers who are "raking it in."
The commenters are arguing that a person can't lose the entirety of their wallet content just by downloading a fake version of Ledger, but can do so if they transfer the whole content with the scammer redirecting it to another address, or, what they find more likely, if the user entered their seed into a network-connected computer and gave their real seed to the fake app.
The commenters are also saying that, despite the scammers putting in the effort to make it legit, the circulating email has quite a few red flags, such as incorrect dates or saying Ledger holds public keys. They're warning the Cryptoverse to "stay vigilant."
I reached out to a group I belong to and someone posted this screenshot. It's a very slick operation and could dupe many. The scammers have got their dates wrong (dated 4th but says breach occurred on the 8th) but otherwise looks very professional. Stay vigilant, hodlers. pic.twitter.com/cTCLmr5Cz4— JameS⚡ (@JamesLawbrick) December 10, 2020
On their part, Ledger has warned users that they wouldn't ask for recovery phases or assets to be sent. Many, however, think this is not enough.
Hey @Ledger you need to keep sending phishing warnings to all of your customers!— Brad Mills ✍️🔑 (@bradmillscan) December 9, 2020
People are losing their savings because of the hack!
Get in front of it, continually send out purposeful emails to your customers *just* about the hack!
Be a good steward! You need to do better. pic.twitter.com/AlNCMbIBST
Cryptonews.com has contacted Ledger for comment.