TechRadar
Sead Fadilpašić

Fake Ledger data breach emails used to trick victims into giving up recovery phrases

  • New phishing email scam impersonating Ledger spotted
  • The emails claim the user's Ledger wallet seed phrase was compromised and ask for confirmation
  • Users that provide the seed phrase lose all their money

Criminals are trying to steal cryptocurrency by impersonating hardware wallet firm Ledger and sending phishing emails.

Victims have reported receiving emails pretending to be from Ledger, and claiming that their seed phrase (also known as recovery phrase, or mnemonic seed) is compromised. To protect their digital belongings, the victims are invited to “verify the security” of the recovery phrase through the “secure verification tool”.

The email comes with a “Verify my recovery phrase” button which redirects people through an AWS-hosted page to the domain "ledger-recovery[.]info". There, users can enter their recovery phrase, which is then saved on a server and relayed to the attackers.

Providing the right data

A recovery phrase is used to load the contents of a cryptocurrency wallet into a new device or a new software wallet. It usually comes as a series of either 12 or 24 random words. Whoever has access to this phrase also has access to the funds, so it is absolutely pivotal that it remains offline, hidden, and never shared with anyone.

To make sure they’re getting the real deal, the scammers added several safeguards to the phishing page. The site only accepts the 2048 valid words that can appear in a mnemonic seed phrase. Furthermore, whatever the user enters, they will get the response that the seed phrase is wrong - most likely to make victims re-enter the phrase and thus confirm they have provided the right information.

Phishing emails often used to have poor grammar and spelling and could typically be identified by clumsy, amateurish wording. However, with the introduction of generative AI, that is no longer the case. In this case, though, the clue was in the email address, since it came from the SendGrid email marketing platform. Furthermore, the link redirects through an Amazon AWS website, which should also be a red flag.
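The two clues named above (a sender address on a bulk-mail platform and a link that hops through cloud hosting to a lookalike domain) can be checked mechanically before anyone clicks. The script below is an added example, not code from TechRadar, Ledger or BleepingComputer; it assumes ledger.com is the brand's only legitimate domain, treats amazonaws.com, cloudfront.net and sendgrid.net hostnames as suspicious hops, and uses a constructed sample email with the lookalike domain rewritten as ledger-recovery.example rather than the live phishing domain.

```python
"""Flag the red flags of a wallet-phishing email: off-brand sender, cloud redirect, lookalike host.

Added example, not the article's or Ledger's code. All domain lists are assumptions.
"""
import re
from urllib.parse import urlparse, parse_qs

# Assumptions (not from the article): the brand's legitimate domain and hosting
# suffixes that should never appear as a hop in a wallet-security link.
BRAND = "ledger"
LEGIT_DOMAINS = {"ledger.com"}
CLOUD_REDIRECT_SUFFIXES = (".amazonaws.com", ".cloudfront.net")
BULK_MAIL_SUFFIXES = (".sendgrid.net",)

URL_RE = re.compile(r"""https?://[^\s"'<>)]+""")

# Constructed sample (not a real message): the lookalike domain is rewritten to .example.
SAMPLE_EMAIL = (
    "From: Ledger Support <no-reply@example.sendgrid.net>\n"
    "Subject: Action required: your recovery phrase may be compromised\n\n"
    "Verify my recovery phrase: "
    "https://s3.eu-west-1.amazonaws.com/verify-tool/go.html"
    "?next=https://ledger-recovery.example/verify\n"
    "Official help: https://support.ledger.com/\n"
)


def extract_links(text):
    """Return every http(s) URL found in the message body."""
    return URL_RE.findall(text)


def registrable_domain(host):
    """Naive eTLD+1 (last two labels); adequate for .com/.info/.example style names."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def unwrap_redirect(url):
    """Return a URL carried in the query string (tracking / open-redirect style), or None."""
    for values in parse_qs(urlparse(url).query).values():
        for value in values:
            if value.startswith(("http://", "https://")):
                return value
    return None


def classify_link(url):
    """Return a list of human-readable reasons a link looks like phishing (empty = clean)."""
    reasons = []
    host = (urlparse(url).hostname or "").lower()
    if BRAND in host and registrable_domain(host) not in LEGIT_DOMAINS:
        reasons.append(f"brand lookalike host: {host}")
    if host.endswith(CLOUD_REDIRECT_SUFFIXES):
        reasons.append(f"hop through cloud hosting: {host}")
    if host.endswith(BULK_MAIL_SUFFIXES):
        reasons.append(f"tracked link on bulk-mail platform: {host}")
    target = unwrap_redirect(url)
    if target:
        reasons.append(f"embedded redirect to {urlparse(target).hostname}")
        reasons.extend(classify_link(target))  # judge the final destination too
    return reasons


def check_sender(from_header):
    """Flag a From: address whose domain is not the brand's own (the article's clue)."""
    match = re.search(r"@([A-Za-z0-9.-]+)", from_header)
    if not match:
        return ["no sender domain"]
    domain = registrable_domain(match.group(1))
    return [] if domain in LEGIT_DOMAINS else [f"sender domain {domain} is not the brand's"]


def scan_email(body):
    """Map each link in the body to its list of findings."""
    return {url: classify_link(url) for url in extract_links(body)}


if __name__ == "__main__":
    print(check_sender("Ledger Support <no-reply@example.sendgrid.net>"))
    for link, findings in scan_email(SAMPLE_EMAIL).items():
        print(link, "->", findings or ["no findings"])
```

On the constructed sample the AWS link is flagged three times (cloud hop, embedded redirect, lookalike destination) while the genuine support.ledger.com link is clean; the sender check fires because the address sits on sendgrid.net. A real mail gateway would replace the naive two-label domain split with a public-suffix list, but the decision logic is the same.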

It is impossible to know how many people (if any) fell for the trick, but those that did lost their money permanently.

Via BleepingComputer
