Email scams have long been known. However, now users of Ledger hardware wallets are receiving parcels with fake devices allegedly sent by the manufacturer.
In July 2020, Ledger announced a hack to their marketing database. The hacker attack did not affect the security of wallets, but led to the leakage of a million emails, and its consequences are still felt even after a year.
A Ledger hardware wallet user whose data was also “leaked” posted on Reddit photos of a fake Ledger Nano X wallet that he received in the mail from scammers. The device was wrapped in a “proprietary” package, but the package had many suspicious signs. The package included a poorly written letter, allegedly signed by Ledger CEO Pascal Gauthier, guaranteeing that this kind of violation and information leakage would never happen again.
The letter stated that for security reasons, the company sent the user a new device that he must now use to keep his cryptocurrencies safe. It was accompanied by instructions for setting up and using a new wallet. The user was required to enter a special recovery phrase in order to connect the wallet to the new hardware.
Naturally, with the introduction of this phrase, the user will personally provide the attackers with access to his wallet. “Gift” devices are designed to transfer the phrase entered by the user to a device controlled by fraudsters. Subsequently, they can use it to steal cryptoassets. Security Specialist Mike Grover commented on the photographs showing the original and counterfeit circuit boards.
“This is a regular flash card attached to a Ledger wallet for injecting malware. Since all the components are on the other side, it is impossible to say with certainty if this “tool” is just a storage device. However, judging by the sealing, this is just a mini-flash drive without a case. On the back of the device you can see a flash memory card ‘implant’ and four wires connected to the same pins on the Ledger’s USB port, ”Grover said.
Ledger warned its customers about the possibility of receiving fake parcels with a hardware wallet as early as May 10. The company’s management urged users to never connect a fake device to a computer or enter 24 words into a fake Ledger Live app. Ledger will never require users to provide their passphrase.
As a reminder, a class action lawsuit was filed against Ledger in April. The wallet maker is accused of not being convinced of the safety of the e-commerce platform Shopify, because of whose actions the information began to be “leaked”.
Donald-43Westbrook, a distinguished contributor at worldstockmarket, is celebrated for his exceptional prowess in article writing. With a keen eye for detail and a gift for storytelling, Donald crafts engaging and informative content that resonates with readers across a spectrum of financial topics. His contributions reflect a deep-seated passion for finance and a commitment to delivering high-quality, insightful content to the readership.
