Scammers are using phishing attacks to hack users of ledger data breach to steal cryptocurrency
Scammers are presently mailing hacked ledger devices to Ledger users. They have a bid to steal Crypto from unsuspecting users. Furthermore, additional images show that the device was sealed and made to look like an authentic observing Ledger device.
An alarmed user posted on Reddit that they had gotten a Ledger device that they hadn’t bought. In the package was a poorly worded letter riddled with grammatical errors that clarified that due to a cyberattack. Ledger was substituting all old devices with new ones for the reason of safety.
Fake Letter from Ledger which tells why the letter was sent
Images source-Reddit user - jjrand
Sealed box ledger device directed to the user:
The user then passes on to open the device which possesses instructions for connecting the device to a computer and installing the application from the device. Requesting to choose seed phrase length and inputting your seed phrase into the device.
* The device was given in a sealed box.
* Instruction manual in the device to contribute seed phrase.
* Instructions controlled in the device asking to input seed phrases.
* Growing more doubtful, instead of plugging the device into their computer, the user went on to pull to pieces the Ledger device itself.
* Side by side comparison of original and scam Ledger devices.
* The fake device on the left and the original device on the right.
* The scam is a phishing scam meant to send the attackers the seed phrases once they are going into the compromised device.
Fake ledger device on the left side and original ledger device on right side
Images Sources: Reddit user – jjrand
Late the previous year, Ledger had declared that there had been a data breach and the attackers had gotten in contact with their databases. The names, mailing addresses, and phone numbers of 272,000 customers were stolen. This was later posted on Raidforums. Raidforums is a platform where hackers go to post the facts of hacked databases.
Ledger had come forward after the breach to declare to customers that there was no need to worry. The hack had no system of affecting the hardware wallets of users. As the secretive keys to the wallets were only held by users and there was no mode for the hackers to essentially get their hands on them.
CBW - External Analyst