Phishing scammers spoof Ledger email to steal wallet seed phrases

Phishing scammers are now targeting Ledger users by spoofing the hardware wallet provider’s support email to steal wallet keys.

These fraudulent emails claim that Ledger has suffered a “recent data breach,” prompting recipients to verify their private seed phrases to protect their assets.

According to reports on X and BleepingComputer, the emails appear to come from Ledger’s legitimate support email but were sent via an email marketing platform.

The email leads to a website resembling Ledger’s official site and encourages users to “verify your Ledger.”

This site then asks users to input their seed phrase, giving scammers full access to their wallets.

In response, Ledger warned on X that such phishing attempts are “an unfortunate part of life online,” emphasising that they never ask for a user’s 24-word recovery phrase.

“If someone does, it’s a scam,” the company also clarified.

It remains unclear if any Ledger users have fallen victim to this scam. 

This phishing attempt follows an incident on December 13, where a Ledger user reported losing $2.5 million in Bitcoin (CRYPTO:BTC) and NFTs, despite claiming they had never shared their seed phrase online.

Ledger and blockchain security firms indicated that the user was likely targeted by a phishing scam in February 2022, and the funds were only recently drained.

Ledger’s connector library was also compromised in December 2023, leading to an attack that drained $484,000 from victims.

Experts anticipate a rise in phishing scams during the holiday season as online transactions increase, with Meta recently warning users about multiple scams targeting holiday shoppers.