Scammers Targeting Ledger Hardware Wallet Users with Phishing Letters
In a concerning development, scammers have resorted to sending physical letters to Ledger hardware wallet users in an attempt to steal their wallet seed phrases. This phishing scheme, which mirrors the tactics used in the aftermath of Ledger’s 2020 data breach, poses a significant threat to the security of crypto investors.
A recent social media post by Jacob Canfield shed light on this fraudulent activity, showcasing a deceptive letter received by a Ledger user through traditional mail. The letter, bearing official Ledger branding and a unique reference number, falsely claimed that a “critical security update” necessitated the submission of the recipient’s 24-word recovery phrase. It further warned that failure to comply with this supposed “mandatory validation process” could result in restricted access to the user’s cryptocurrency funds.
Ledger promptly responded to the revelation, emphasizing that the company would never request a user’s recovery phrase. This serves as a crucial reminder for crypto enthusiasts to exercise caution and vigilance in safeguarding their assets from malicious actors.
Speculation has arisen that this latest scam letter may be linked to the infamous data breach suffered by Ledger in July 2020. During that incident, a hacker exploited an inactive API key to breach Ledger’s e-commerce and marketing database, compromising sensitive customer information, including email addresses, names, phone numbers, and shipping details.
While the direct connection between Canfield’s letter and the 2020 breach remains unconfirmed, previous reports have highlighted the utilization of data from the breach in various crypto phishing campaigns. These fraudulent activities have encompassed fake emails, counterfeit hardware wallets, and scam websites, underscoring the persistent threat posed by cybercriminals targeting the crypto community.
In light of these deceptive tactics, it is imperative for Ledger users and crypto investors at large to exercise heightened caution and skepticism when faced with unsolicited requests for sensitive information. By remaining informed and proactive in their security practices, individuals can mitigate the risk of falling victim to such malicious schemes and protect their valuable digital assets.