Ledger users have reported receiving death threats and fake emails following the recent ledger hack compromising the database. What’s even worst, the Sim Swapping attacks have begun, with scammers sending “apology messages” to Ledger’s users tricking them into downloading “the latest version of Ledger”.
Now that the scammers have around 270,000 email addresses, phone numbers, and all kinds of data, they’re setting the way for massive phishing and Sim Swapping attacks. Ivan on Tech, a crypto educator, posted on his Twitter account about the fake messages sent to Ledger’s users.
SCAMMERS ARE GOING WILD
Sending fake emails pretending to be Ledger apologizing for the data leak and phishing you to install “latest version”
— Ivan on Tech (@IvanOnTech) December 21, 2020
A user from Ledger fell for this trap, as he followed the link and reported losing $4,000 with a modified metamask extension.
MetaMask main purpose is to serve as a wallet for Ethereum and a tool to interact with DApps (Decentralized Applications). It establishes a communication channel between the extension and the DApp in question. Once the application recognizes that MetaMask is present, it is enabled and can be used by the user.
Scammers can modify the extension, and send it to users pretending to be a certain company, thus gaining full access to the user’s wallet.
Outrage And Death Threats
The outrage concerning these massive waves of attacks is inflated now that users have reported that Ledger is not providing any type of support or assistance to them. Most likely, 270,000 users are in danger, since their personal data was leaked in Raidforum, according to a post from Ledger.
Users Under Danger
Around one million users were exposed since the attacks begun in July. Following phishing attacks in June, Ledger stated that the attacks only leaked the personal data of “9,000” users. But the company later admitted that the amount ascended to 270,000. Another concern is Sim Swapping, a technique used in conjunction with other social engineering techniques.
This technique is not the consequence of a security failure in personal devices, but rather the lack of strict verification protocols when requesting a copy of the SIM card. What criminals are looking for is access to the verification codes that companies, platforms, and banks usually send their users to mobile devices.
Likewise, Ledger could be in serious trouble if more people decide to sue the company, which seems quite possible as the outrage is increasing every day. Until now, Ledger has made no statement regarding this issue, which only means that affected users are on their own.