Ledger Clients are Mailed Fake Wallets to Steal Their Private Seeds

Ledger clients are getting fake wallets via mail to take their cryptographic money. A client in Reddit revealed getting a dubious bundle that professed to be sent by Ledger. The bundle incorporated a letter expressing the client expected to substitute the current wallet for safety reasons. Ledger has been the wellspring of a few holes of data of client information. Hoodlums are probably utilizing this data to sort out these plans.

Scammers Are Mailing Fake Wallets to Ledger Customers

Scammers are reportedly mailing fake hardware wallets to Ledger customers to steal their private seeds. According to the statements of a Reddit user, he received a package sent by Ledger with a legit-looking Ledger Nano X. The package also contained a letter that stated their current wallet was compromised. This letter stressed the user needed to replace their current wallet with the new one. It declared:

For security purposes, we have sent you a new device you must switch to a new device to stay safe. There is a manual inside your new box you can read that to learn how to set up your new device.

The bundle apparently included guidelines to set up the new cryptographic money wallet with the private key. Notwithstanding, upon additional investigation, the equipment wallet sent was an altered rendition of the first Nano X. Likewise, this changed wallet contained a progression of various associations within the gadget.

Mike Grover, a security consultant, talked to Bleepingcomputer about the fake wallet. Grover declared:

This seems to be a simply flash drive strapped on to the Ledger with the purpose to be for some sort of malware delivery.

The Ledger web page has updated its phishing campaign page to alert users of this new modus operandi.

Data Leaks

The organization endured two significant information releases last year. The first occurred on July 14, when a unidentified outsider got to 1,000,000 messages and 9,500 addresses from its clients. Moreover, last December 20, the data was spilled to the web for nothing. Subsequently, its clients are confronting a progression of phishing and trick assaults via mail.

Image Credits: Shutterstock, Pixabay, Wiki Commons

Isa Misao