UNKNOWN

MARCH 2022

GLOBAL

LEDGER

DESCRIPTION OF EVENTS

"Based in France, Ledger is the largest cryptocurrency hardware wallet company." "Ledger is a hardware cryptocurrency wallet that is used to store, manage, and sell cryptocurrency. The funds held in these wallets are secured using a 24-word recovery phrase and an optional secret passphrase that only the owner knows."

 

"Ledger offers two products, the Nano S and Nano X, that can store the digital keys used to secure crypto wallets. The devices can be used with a variety of cryptocurrencies, are compatible with numerous apps, and are supposed to offer a safe way to manage crypto without compromising too much on convenience. Ledger says on its website that it has sold 1.5 million products to customers in 165 countries to date."

 

"The scammer is pretending to be working in a law firm in contact with Ledger. They are claiming that We have noticed someone tried to log in on your Ledger account from a location you have never used before. So we have blocked your account and wallet. and asking you to click on a link for a 2FA verification."

 

"The link provided by the scammers is not legitimate."

Ledger reports that a recent phishing campaign was launched targeting Dutch users in their language. This email pretends to be from a law firm working with Ledger, and requests the users to click a malicious link for 2FA verification. While details are not provided, typically links will either try to run a malicious transaction or obtain the user's seed phrase.

HOW COULD THIS HAVE BEEN PREVENTED?

The Ledger hardware wallet does not require 2FA verification. Only ever enter the seed phrase in the hardware wallet. Never sign transactions unless you were the one to generate them.

 

Check Our Framework For Safe Secure Exchange Platforms

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.