Scammers have begun sending out faux hardware wallets to Ledger prospects in an try to steal the cryptocurrency from their Bitcoin wallets.
In response to a new report from BleepingComputer, a Reddit person who goes by the deal with ‘jjrand’ lately made a post on the site explaining how they’d acquired a Ledger Nano X hardware pockets within the mail. The shrink-wrapped package deal was emblazoned with the corporate’s emblem to make it seem extra professional and contained an set up guide.
Nonetheless, the package deal jjrand acquired, which they did not place an order for with the corporate, additionally contained a letter from Ledger CEO Pascal Gauthier that defined the alternative machine was despatched out following an information breach that led to buyer info being uncovered on a well-liked hacking discussion board, which learn:
“Because of this for safety functions, we’ve got despatched you a brand new machine you will need to swap to a brand new machine to remain secure. There’s a guide inside your new field you’ll be able to learn that to learn to arrange your new machine. Because of this, we’ve got modified our machine construction. We now assure that this kinda breach won’t ever occur once more.”
For instance, in December of 2020, the company’s customers were targeted by a phishing campaign which used fake data breach notification emails to try and convince Ledger users to download the Ledger Live app. While the mobile version of the app in the links included in these emails was real, the desktop version wasn’t and if a user installed it, the app would prompt them to enter both their recovery phrase and secret passphrase in order to gain access to their wallet and steal their crypto.
These ongoing phishing campaigns have become so frequent that Ledger created a list on its website to keep track of them all. In a statement to TechRadar Pro, the company’s chief information security officer Matt Johnson provided further details on this latest scam, saying:
“We are aware of this scam, which we have included in our list of ongoing malicious attacks listed on our website. You should be suspicious of receiving a free product in the mail that you didn’t order and check Ledger’s official channels or contact Ledger support team. Ledger and Ledger Live will never ask you to share your 24-word recovery phrase. Finally, Ledger communicates securely through Ledger Live, never by mail or phone. We would never mail anything to your address without your consent.”
Ledger customers should remain vigilant in order to prevent falling victim to this most recent scam as well as others designed to steal their cryptocurrency.