Fake Ledger data breach emails used to trick victims into giving up recovery phrases

Akshit Behera

New phishing email scam impersonating Ledger spotted

The emails claim the user’s Ledger wallet seed phrase was compromised, and asks for confirmation

Users that provide the seed phrase lose all their money

Criminals are trying to steal cryptocurrency by impersonating hardware wallet firm Ledger and sending phishing emails.

Victims have reported receiving emails pretending to be from Ledger, and claiming that their seed phrase (also known as recovery phrase, or mnemonic seed) is compromised. To protect their digital belongings, the victims are invited to “verify the security” of the recovery phrase through the “secure verification tool”.

The email comes with a “Verify my recovery phrase” button which leads people through an AWS website, to a domain “ledger-recovery[.]info”. There, users can enter their recovery phrase, which is then saved on a server and relayed to the attackers.

Providing the right data

A recovery phrase is used to load the contents of a cryptocurrency wallet into a new device, or new software wallet. It usually comes as a series or either 12, or 24 random words. Whoever has access to this phrase, also has access to the funds, so it is absolutely pivotal that these remain offline, hidden, and not shared with anyone.

To make sure they’re getting the real deal, the scammers added several safeguards to the phishing page. The site is limited to 2048 valid words that can be entered as part of the mnemonic seed phrase. Furthermore, whatever the user enters, they will get the response that the seed phrase is wrong – most likely to allow the victims to double down on their entries and thus confirm they have provided the right information.

Phishing emails often used to have poor grammar and spelling and could typically be identified by clumsy, amateurish wording. However, with the introduction of generative AI, that is no longer the case. In this case, though, the clue was in the email address, since it came from the SendGrid email marketing platform. Furthermore, the link redirects through an Amazon AWS website, which should also be a red flag.

It is impossible to know how many people (if any) fell for the trick, but those that did lost their money permanently.

Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors

Via BleepingComputer

Original Author: Sead Fadilpašić | Source: TechRadar

About

Shark’s Data Den provides data-driven insights and analysis on technology, business, and innovation.

AI artificial intelligence Artificial Intelligence: A Guide for Thinking Humans Being Human in the Age of Artificial Intelligence books bookself Dangers data science data scientist Human Compatible Human Compatible: Artificial Intelligence and the Problem of Control Life 3.0 machine learning Max Tegmark Melanie Mitchell Pedro Domingos Stuart Russell Superintelligence Superintelligence: Paths Dangers Strategies The Master Algorithm: How the Quest for the Ultimate Learning Machine Will Remake Our World

Discover more from The Shark's Data Den

Subscribe now to keep reading and get access to the full archive.

Continue reading