A Reddit user alerted people in his group to the existence of such an attack.
A fake email tells users their Ledger assets are compromised. The email says, “Our forensics teams have found Ledger Live administrative servers to be infected with malware.” This claim is obviously false; the email looks professional, but it is a phishing attempt to steal PINs and passphrases.
The email is convincing and even savvy users might be fooled. Ledger has since confirmed that a phishing attack has been targeting Ledger customers.
“I received this email and I was pretty confused. Everything appeared to check out,” said one Reddit user.. “However, you can see that the URL is not correct (notice the dot on the second ‘e’ => ledgėr). What triggered my suspicion was that I received the email twice within a couple of minutes..”
Another Reddit user said, “This looked really legiti,ate, so much so I contacted Ledger if it was real. I am normally pretty good at sniffing these things out – this was the most convincing attempt I have seen to date.”
In July, the Ledger team learnt that an API key related to their marketing database was compro,ised, and the database accessed by an unauthorized person or persons. The database details (email addresses in the main) were used to send order confirmations and promotional emails.
In a blog post highlighting the hack, the Ledger team stated that users’ payment information and crypto funds were safe.
Experts have independently reviewed one of these phishing attempts, which was sent from “firstname.lastname@example.org.” The key clue in any phishing email is a misspelling of a real address or URL; in this case, “ledger.com” is misspelled.
Phishing attacks are of course very common and attackers are becoming better at creating emails that resemble official company emails. They rely on people making mistakes and clicking on a link that will compromise their cryptocurrency security.
A Ledger representative has said that an internal task force has been deployed to investigate the latest attack.
“The investigation has started andwe cannot give any further information but one thing is for sure: Ledger will not ask you for your 24-word recovery phrase, which is always a sign of a scam,” said the representative . “Ledger encourages customers to be careful as phishing attacks become better and to alert Ledger’s support team and also to consult Ledger.com for more information on the existance of scams.”