Ledger Scammers Reportedly Go Trans-Wallet & Target Trezor Users
The Ledger hardware wallet phishing saga continues, but has now spread to competitors, with Trezor users reportedly becoming the scammers' targets as well.
"The Ledger leak phishers are now phishing for Trezor users," warned Jameson Lopp, Chief Technology Officer at US-based crypto security specialist Casa. He tweeted a message saying that the user's TREZOR Wallet has been deactivated, and that they need to pass verification as there are some new know-your-customer (KYC) regulations, with a link included.
And he's apparently not the only one, as several other people reported getting the same text from what appears to be 'TREZ0R' with a zero instead of an O.
A lot of people are sadly going to lose money. Very high quality scam. pic.twitter.com/XptM3Nkm1n— Zach Herbert 🇺🇸 (@zachherbert) December 13, 2020
As previously reported, Ledger announced this summer that it had suffered a data breach, and since then, the scammers have been using the information they obtained on the users to try and trick them into giving them their seed phrases. For Ledger users, they recently used an email which to some may look legitimate, but contains errors and falsehoods which point to it being a scam.
However, the scammers have gone trans-wallet now. Therefore, people have been looking for similarities between the attacks, with a commenter saying that "This attacks multisig setups with 2oo3 hardware wallets - one from Ledger, one from Trezor."
There are those who think of this as a "very high-quality scam," and those who "fail to understand how anyone with the sense to own and set up a hardware wallet could fall for something like this," adding that "phishing scams like this are what my grandma falls for, not bitcoiners."
Yeah but it may get some people who knows. Maybe somebody’s spouse has to know seed phrase details in case of death. They aren’t too savvy though and fall for it. Saw a story about that the other day. Scary but a potential single point of failure for a thorough multisig setup.— Nick (@Ndub1234) December 13, 2020
There are also many who believe Ledger has caused numerous people "financial loss and pain." Ledger "is very aware and has been working very hard to alleviate any issues caused by these increasingly sophisticated phishing scams," they told Cryptonews.com. They've issued statements and guidance on Ledger Academy, and published blog posts on the subject, said the emailed comment. It added that they "also sent a series of warning emails to their customer base and are keeping an active conversation through their social media channels," as well as discussed the issue during the Ledger Decoded event recently.
Meanwhile, as always, people are warning others that you can never be too careful when it comes to your seed phrase.
the only advice I give. NEVER WRITE YOUR FUCKING SEED ANYWHERE. when it's asked to you, just don't do it. never.— PabloW 👽 (@pablowasserman) December 12, 2020
if you must, check at least 10 times if it's the right place to put it.
And then there are those who decided to have some fun with the entire situation and 'educate' the scammers.
I’m taking the fight to them. pic.twitter.com/V4g5TzVSnv— Bri-man (@bkunzi01) December 13, 2020
Crypto Security in 2021: More Threats Against DeFi and Individual Users
Personal Data Leaks In Crypto Are Inevitable, Here’s What Can Be Done
Discovered Vulnerability Made Ledger to Choose Between 'Security and Usability'