A new phishing campaign targeting Ledger cryptocurrency wallet users is currently active, masquerading as a data breach notification to steal recovery phrases and cryptocurrency assets.
The Attack Method:
– Fraudulent emails claim to be from “Ledger [email protected]”
– Emails warn of an alleged data breach affecting recovery phrases
– Users are directed to a fake verification page hosted on Amazon AWS
– The phishing site redirects to “ledger-recovery[.]info”
– Victims are prompted to enter their 12-, 18-, or 24-word recovery phrases
Technical Details:
– The phishing site validates entered words against legitimate recovery phrase vocabulary
– Entered phrases are transmitted to attackers’ servers in real time
– The site deliberately returns “invalid phrase” messages to encourage multiple attempts
Security Recommendations:
1. Never enter recovery phrases on any website or application
2. Only input recovery phrases directly into Ledger hardware devices
3. Manually type ledger.com instead of clicking email links
4. Disregard all emails requesting recovery phrase verification
5. Remember that Ledger never requests recovery phrases via email
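For mail administrators, the indicators described above can be turned into a simple triage check. The following is an added example, not code from Ledger or from the original report; the indicator names, the sample message, and its sender and bucket hostnames are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

OFFICIAL = "ledger.com"  # the domain the advisory says to type manually
KNOWN_BAD = {"ledger-recovery[.]info".replace("[.]", ".")}  # refanged IoC from the advisory
LURE = re.compile(r"recovery\s+phrase|seed\s+phrase", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def is_official(host):
    host = (host or "").lower().rstrip(".")
    return host == OFFICIAL or host.endswith("." + OFFICIAL)

def body_text(msg):
    parts = (p.get_payload(decode=True) for p in msg.walk()
             if p.get_content_maintype() == "text")
    return "\n".join(b.decode("utf-8", "replace") for b in parts if b)

def triage(raw):
    """Return the names of the indicators that fire for one raw message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    text = msg.get("Subject", "") + "\n" + body_text(msg)
    hosts = {urlparse(u).hostname or "" for u in URL.findall(text)}
    hits = []
    if "ledger" in display.lower() and not is_official(addr.rpartition("@")[2]):
        hits.append("brand_spoof")           # claims Ledger, sent from elsewhere
    if LURE.search(text):
        hits.append("recovery_phrase_lure")  # Ledger never asks for this by email
    if any(not is_official(h) for h in hosts):
        hits.append("offsite_link")          # link leaves ledger.com
    if any(h.endswith(".amazonaws.com") for h in hosts):
        hits.append("aws_hosted_link")       # hosting pattern from the advisory
    if hosts & KNOWN_BAD:
        hits.append("known_bad_domain")
    return hits

# Constructed sample message; sender and bucket hostnames are placeholders.
PHISH = ('From: "Ledger" <notice@mailer.example>\n'
         'Subject: Security alert\n\n'
         'A data breach may have exposed your recovery phrase. Verify it at\n'
         'https://constructed-bucket.s3.amazonaws.com/verify.html\n')

if __name__ == "__main__":
    print(triage(PHISH))
```

Any single indicator is weak on its own; treat the combination of a Ledger display name, a recovery-phrase request and an off-domain link as grounds for quarantine.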
This campaign follows a pattern of increased phishing attempts since Ledger’s 2020 data breach, which exposed customer contact information. The current attack demonstrates sophisticated social engineering tactics, highlighting the importance of maintaining strict security practices for cryptocurrency storage.