Users of Ledger hardware wallets have reported receiving phishing emails thatit is suggested to install an emergency update.
Half-awake on a Sunday morning… I almostfell for this @Ledger scam email. Scams are getting more convincing. Always check Twitter before you take action on an email like this. A breach like this would be major news. pic.twitter.com/wucK2j9cNc
— Chris Blec (@ChrisBlec) October 25, 2020
In their letter, the cybercriminals say that on October 24, the Ledger team allegedly recorded malware infection of Ledger Live servers, affecting approximately 85,000 clients.
“Your address was, among others, damaged by hacking. We assume that your crypto assets are at risk of being stolen. To protect them, download the latest version of Ledger Live and follow the instructions to set up a new PIN for your wallet, ”the letter said.
User Chris Black noted that he receiveda letter to the mailing address that Ledger used to purchase goods. He later linked the phishing campaign to a Ledger user identity leak in the summer of 2020.
Other owners of the company's hardware wallets also received letters:
@Ledger I have fishing emails.
Can you maybe track the IP address if they used a know email provider?
Maybe you can track them down ?!— Mr. Nobody?? (@MrNobod79977306) October 25, 2020
I received two extremely well crafted fishingemails this morning from what appeared to be https://t.co/Jaigrm6R9g. The download pointed to ledgersupport dot io server from which to download app, in Panama… @Ledger_Support
Is this related to the email leak in June? https://t.co/Out37DMv9s— Philippe Tarbouriech (@phitar) October 25, 2020
Ledger's Twitter account has a post dated October 19, which urges users to be careful and not trust anyone's wallet seed:
? SCAM ALERT?
According to our information, some scammers are getting in touch with Ledger users through text messages and emails.
Never give the 24 words of your recovery seed. Ledger will never ask for them.
— Ledger (@Ledger) October 19, 2020
In July, unknown persons, through a vulnerability in the Ledger API key, gained access to a database containing email and postal addresses, names, phone numbers and information about the company's purchased products.
The developers confirmed the leak of personal information of about a million users, but they assured that payment data, information about bank cards and cryptocurrency accounts were not compromised.
</p></p>