- The victims of Ledger’s data breach have been exploited by scammers.
- Mails were sent out to the users, seeking private information from them.
- These scammers were disguised in the form of wallet replacement services from Ledger.
Ledger wallet is one of the world’s most trusted hardware wallets for storing any kind of cryptocurrency. There are plenty of other cold storage providers too. It is said that keeping your crypto in the Ledger wallet as offline storage has a lot of security benefits. But the question that came into everyone’s mind was the extent of safety. A year earlier, Ledger’s customer database was breached by hackers and now, they are trying to phish private information out of the users.
A user on Reddit brought this incident into the spotlight. He went by the username “u/jjrand” and is one of the many that got affected during this scam. He posted on Reddit, a post wherein he informed others about the mail he received. In the mail, he found a ‘Ledger wallet’ that was supposedly sent by the company itself.
Scammers seeking information from Ledger wallet users
In the mail, the scammers sent a fake Ledger Nano S wallet which is one of the most popular products from the company. The wallet that the users received in the mail came with a letter that was pretty poorly written. It said,
“For security purposes we have sent you a new device you must switch to a new device to stay safe. There is a manual inside your new box you can read that to learn how to set up your new device. For this reason, we have changed our device structure. We now guarantee that this kinda breach will never happen again.”
This letter itself seemed fishy to the Reddit user who then tried to warn other users. This letter was written represented Ledger CEO Pascal Gauthier, and there was a sign of him too on this letter too. This brought about hesitation in the person. He even posted pictures of the wallet which are shown below.
There was also a manual present that was different from the one that is received with the original Ledger wallet. The manual had instructed to write the recovery phrase to activate the new device and it was also said that it won’t work for new setups. It bolded a line in red that specifically asked the user to focus on the manual and follow the steps given there.
The pictures of the inside of the Ledger suggested that the device was tampered with and if the Reddit user had entered his information, he would’ve lost access to his wallet which meant that all his money would’ve been stolen.