Scammers sent out fake wallets to the victims of the Ledger Data breach as the customers reported receiving fake replacement devices that were designed to phish private security information so let’s find out more today in our latest cryptocurrency news.
The consequences of Ledger’s major data breach are still felt a year later. One contributor on Reddit wrote that now, scammers sent out fake wallets to the victims of the data breach and posted images of what seems to be a fake Ledger Nano X wallet in the mail. Wrapped in seemingly authentic packaging, the device included a few signs that sparked suspicion. The package came together with a poorly written letter that claimed to be signed by CEO Pascal Gauthier that said:
“For security purposes we have sent you a new device you must switch to a new device to stay safe. There is a manual inside your new box you can read that to learn how to set up your new device. For this reason, we have changed our device structure. We now guarantee that this kinda breach will never happen again.”
Aside from the letter, the Reddit user received a fake manual and enclosed instructions regarding how to use the device but also asked the users to enter their private Ledger recovery phrase and connect their crypto wallet to the new wallet. On the basis of the images he posted and showed the device’s circuit board, security researcher Mike Grover said that the fake device was tampered with:
“This seems to be a simply flash drive strapped on to the Ledger with the purpose to be for some sort of malware delivery. All of the components are on the other side, so I can’t confirm if it is JUST a storage device, but […] judging by the very novice soldering work, it’s probably just an off the shelf mini flash drive removed from its casing.”
Gover outlined a section of the back of the device which showed a flash drive implant and noted that the 4 wires piggyback the same connections for a USB port of the wallet. On the basis of Gover and the BleepingComputer analysis, it seems that the heist is designed to intercept the users’ entered recovery phrase so they are able to reroute the details to another device controlled by the scammers. In an online post on May 10, Ledger already warned customers against fake letter and devices saying:
“The fake user guide in the Nano’s box asks the user to connect the device to a computer. To initialize the device, the user is then asked to enter his 24 words in a fake Ledger Live application. This is a scam. Do not connect the device to your computer and never share your 24 words. Ledger will never ask you to share your 24-word recovery phrase.”
DC Forecasts is a leader in many crypto news categories, striving for the highest journalistic standards and abiding by a strict set of editorial policies. If you are interested to offer your expertise or contribute to our news website, feel free to contact us at [email protected]