Ledger customers shared their experience of an attempted scam on the popular crypto hardware wallet, which could be linked to the Ledger data breach.
On the forum on the social networking site Reddit, one user claimed to have been a victim of the alleged scam. Jjrand posted pictures of what appears to be his fake Ledger Nano X wallet, which he received as a replacement for his previous one.
It is a seemingly authentic Ledger product box, but it had a poorly written letter from Ledger CEO Pascal Gauthier inside, stating that a new device had been sent to replace the previous one for added security.
Not only that, along with the alleged hardware wallet, the fake instruction manual explains how it works but also asks for the “private recovery phrase” to connect the crypto wallet to the new device.
Hence the doubt! The famous private phrase is the essential key that protects the user from any intrusion into their crypto wallet, especially in the case of hardware wallets. In this regard, on the official Ledger Twitter account, the tweet against scams is pinned at the top:
🚨 WARNING: STAY VIGILANT OF ONGOING PHISHING SCAMS! 🚨
Remember that Ledger will never ask for your 24-word recovery phrase or PIN. Never share it!
— Ledger (@Ledger) December 16, 2020
“WARNING: STAY VIGILANT OF ONGOING PHISHING SCAMS! Remember that Ledger will never ask for your 24-word recovery phrase or PIN. Never share it! Check out this page to verify if the communication you have received is a scam: https://bit.ly/3gPRCAg“.
In addition, following the current affair, security researcher Mike Grover also described the replacement Ledger he received as a tampered product, which would confirm that the issue does indeed involve scammers.
Jjrand then continues:
“There are enclosed instructions in the Nano box which ask the user to connect the device to their computer, open a drive and run the fake Ledger Live app. To initialize the device, the user is asked to enter his 24 words in the fake Ledger Live app. This is a scam. A Ledger Nano is not a USB device. It does not contain any application to download and install on your computer. The only way to download the Ledger Live app is by using the official download page. Plus, Ledger and Ledger Live will never ask you to share your 24-word recovery phrase”.
Ledger and the continuing data breaches
The present affair is yet another Ledger data breach reported by Ledger customers to stick together with the famous crypto hardware wallet and its entire community.
The first report, in fact, dates back to the summer of 2020, when 1,075,382 email addresses, all subscribers to the company’s newsletter, allegedly received fake emails requesting personal information or just the private phrase.
In early 2021, the data breach exploited by the criminals came from Shopify and involved 20,000 users.
Despite these criminal attempts, Ledger remains the hardware wallet par excellence, so secure that it was also integrated into Samsung’s wallet in the middle of last month.