Ledger Customers Are Being Mailed Fake Wallets to Steal Their Private Seeds

Jun 19, 2021 | Bitcoin News | 0 comments

ledger-customers-are-being-mailed-fake-wallets-to-steal-their-private-seeds

Ledger customers are receiving fake wallets by mail to steal their cryptocurrency. A user in Reddit reported receiving a suspicious package that claimed to be mailed by Ledger. The package included a letter stating the user needed to substitute the current wallet for safety reasons. Ledger has been the source of several leaks of information of customer data. Criminals are presumably using this information to organize these schemes.

Scammers Are Mailing Fake Wallets to Ledger Customers

Scammers are reportedly mailing fake hardware wallets to Ledger customers to steal their private seeds. According to the statements of a Reddit user, he received a package sent by Ledger with a legit-looking Ledger Nano X. The package also contained a letter that stated their current wallet was compromised. This letter stressed the user needed to replace their current wallet with the new one. It declared:

For security purposes, we have sent you a new device you must switch to a new device to stay safe. There is a manual inside your new box you can read that to learn how to set up your new device.

The package reportedly included instructions to set up the new cryptocurrency wallet with the private key. However, upon further inspection, the hardware wallet mailed was a modified version of the original Nano X. Also, this modified wallet contained a series of different connections inside of the device.

Mike Grover, a security consultant, talked to Bleepingcomputer about the fake wallet. Grover declared:

This seems to be a simply flash drive strapped on to the Ledger with the purpose to be for some sort of malware delivery.

The Ledger web page has updated its phishing campaign page to alert users of this new modus operandi.

Customers Facing Huge Data Leaks

The company suffered two important data leaks last year. The first one happened on July 14, when an unidentified third party accessed one million emails and 9,500 addresses from its users. Furthermore, last December 20, the information was leaked to the internet for free. As a result of this, its customers are facing a series of phishing and scam attacks by mail.

The blog of James A. Chambers gives proof of these attacks. The article titled “Life as a Ledger Wallet Data Breach Victim” tells all the problems these leaks have created for him remotely. The company is even facing a class-action lawsuit from part of the users filed last April 6. However, this is one of the first attacks targeting users physically by sending modified products.

What do you think about this new attack on Ledger customers? Tell us in the comments section below.

News Source from news.bitcoin.com

Related Articles

Vermont Is Fourth State to Target BlockFi’s Bitcoin Savings Accounts

Vermont Is Fourth State to Target BlockFi’s Bitcoin Savings Accounts

Vermont is the fourth state to issue an order against crypto lending firm BlockFi's high-interest savings accounts for offering unregistered securities. Details of the notice served by Vermont's financial regulator aren’t yet available but BlockFi informed customers...

Here are the 12 biggest crypto hires thus far in 2021

Here are the 12 biggest crypto hires thus far in 2021

Quick Take There has been a big increase in the flow of talent from Wall Street to the crypto world. We take a look at the 12 biggest moves that have happened so far this year. This feature story is available to subscribers of The Block Daily. You can continue reading...

Countries representing over 90% of global GDP are exploring CBDCs

Countries representing over 90% of global GDP are exploring CBDCs

Governments around the world are pouring more resources into CBDC research and exploratory use cases. Among the major economies, China appears to be pulling ahead and has plans to implement digital-yuan usage during the 2022 Winter Olympics in Beijing. The quest to...

Pin It on Pinterest

Share This