Bitcoin Wallet Provider Ledger Compromised Again by Malicious Phishing Attack

The famed hardware wallet manufacturer, Ledger, has suffered from a phishing attack. The event may be connected to a leak of the company’s customer data in July 2020. 

Ledger Users Report Phishing Attack

There have been several reports mentioning a phishing email, which some Ledger users received. The fraudulent notice warned users of a security breach on Oct. 24, 2020, which put people’s crypto at risk. Victims of the malicious email were then urged The malicious email to visit a link and update firmware on Ledger devices.

The link took users to a phishing website with a ‘.io’ domain extension instead of the authentic ‘.com’ domain. The malware hosted on the fraudulent site can reportedly give hackers access to a user’s private keys and allow them to steal all their crypto.

At the time of writing, the phishing website is down. Ledger quickly reacted to the attack, sending customers a warning message about phishing attempts and making a website statement. 

Ledger’s case once again highlights the vulnerabilities of centralized setups for unencrypted data storage. Echoes of a single attack may continue to surface further, as scammers can reuse customers’ data like names, email addresses, and phone numbers endlessly.

A valuable lesson hardware wallet users can take away from this is remembering the famous crypto adage “don’t trust, verify” each time they receive a request asking for sensitive information.

Read More