The famed hardware wallet manufacturer, Ledger, has suffered from a phishing attack. The event may be connected to a leak of the company’s customer data in July 2020.
Ledger Users Report Phishing Attack
There have been several reports mentioning a phishing email, which some Ledger users received. The fraudulent notice warned users of a security breach on Oct. 24, 2020, which put people’s crypto at risk. Victims of the malicious email were then urged The malicious email to visit a link and update firmware on Ledger devices.
The link took users to a phishing website with a ‘.io’ domain extension instead of the authentic ‘.com’ domain. The malware hosted on the fraudulent site can reportedly give hackers access to a user’s private keys and allow them to steal all their crypto.
At the time of writing, the phishing website is down. Ledger quickly reacted to the attack, sending customers a warning message about phishing attempts and making a website statement.
🚨 SCAM ALERT 🚨
According to our information, some scammers are getting in touch with Ledger users through text messages and emails.
Never give the 24 words of your recovery seed. Ledger will never ask for them.
— Ledger (@Ledger) October 19, 2020
Ledger’s case once again highlights the vulnerabilities of centralized setups for unencrypted data storage. Echoes of a single attack may continue to surface further, as scammers can reuse customers’ data like names, email addresses, and phone numbers endlessly.
A valuable lesson hardware wallet users can take away from this is remembering the famous crypto adage “don’t trust, verify” each time they receive a request asking for sensitive information.