DESCRIPTION OF EVENTS
"Based in France, Ledger is the largest cryptocurrency hardware wallet company." "Ledger is a hardware cryptocurrency wallet that is used to store, manage, and sell cryptocurrency. The funds held in these wallets are secured using a 24-word recovery phrase and an optional secret passphrase that only the owner knows."
"Ledger offers two products, the Nano S and Nano X, that can store the digital keys used to secure crypto wallets. The devices can be used with a variety of cryptocurrencies, are compatible with numerous apps, and are supposed to offer a safe way to manage crypto without compromising too much on convenience. Ledger says on its website that it has sold 1.5 million products to customers in 165 countries to date."
"The scammer is pretending to be working in a law firm in contact with Ledger. They are claiming that We have noticed someone tried to log in on your Ledger account from a location you have never used before. So we have blocked your account and wallet. and asking you to click on a link for a 2FA verification."
"The link provided by the scammers is not legitimate."
Ledger reports that a recent phishing campaign was launched targeting Dutch users in their language. This email pretends to be from a law firm working with Ledger, and requests the users to click a malicious link for 2FA verification. While details are not provided, typically links will either try to run a malicious transaction or obtain the user's seed phrase.
HOW COULD THIS HAVE BEEN PREVENTED?
The Ledger hardware wallet does not require 2FA verification. Only ever enter the seed phrase in the hardware wallet. Never sign transactions unless you were the one to generate them.
Ongoing phishing campaigns | Ledger (Mar 20)
Ledger Live : Most trusted & secure crypto wallet | Ledger (Feb 13)
Ledger Refuses Refunds, Tells Clients “Bank Vault Is More Secure” | Financegates (Mar 19)
Physical Addresses of 270K Ledger Owners Leaked On Hacker Forum - Slashdot (Mar 19)
Scammers Are Using Fake Devices to Steal Cryptocurrency Wallets | PCMag (Mar 6)
Beware: Latest Ledger Email Phishing Scam Making The Rounds (May 2)