Bitcoin Forum

Economy => Service Discussion => Topic started by: Dave1 on December 08, 2020, 09:03:08 AM



Title: Ledger Phishing site, one of the oldest, but still malicious and effective
Post by: Dave1 on December 08, 2020, 09:03:08 AM
I think this is one of the oldest Ledger phishing sites that we have come across so far. It is so old that the domain name is already for sale, LMAO. But still, it is so malicious that I will assume that, since it has been in the crypto space for months or even years, many have fallen for this trap, especially as, of late, Ledger phishing sites have multiplied and grown intensively.

If this has been reported to this community, it's about time to report it again.

Code:
http://ledgerlive.io/

Archived: https://archive.is/gvea0

https://i.imgur.com/hsAPZiA.png

Domain Info:

https://i.imgur.com/3dSHVEG.png

https://whois.domaintools.com/ledgerlive.io

I already reported the website, so let's see if this is going to be prioritised.


Title: Re: Ledger Phishing site, one of the oldest, but still malicious and effective
Post by: btc_angela on December 09, 2020, 10:55:09 AM
It is so old that they forgot to update the UI, because the original Ledger website has updated its landing pages many times. So these scammers just created this site and then waited for someone to fall for it. I'm wondering, though, what will happen to the site after it expires: will the next batch of criminals buy it and continue?

Reported the site as well.


Title: Re: Ledger Phishing site, one of the oldest, but still malicious and effective
Post by: The Cryptovator on December 09, 2020, 05:12:53 PM
The forum search button said there is no thread with this domain name. I am not sure if I am missing something. So, nothing wrong with your post. Sometimes we should remind people of old scam methods that are still alive, so newcomers will know about them and save their valuable assets. Scammers will always look for advantages, and we should be careful on our end. The domain name is quite confusing; such a domain should be bought by Ledger before scammers, so scammers wouldn't be able to buy it.


Title: Re: Ledger Phishing site, one of the oldest, but still malicious and effective
Post by: Yaunfitda on December 09, 2020, 06:02:33 PM
If this website is up for sale, then yes, this is very old and maybe close to a year in existence already. I'm not really sure if Ledger will buy it though; these kinds of domain names are going to be expensive in the market, obviously, with that name.

The best thing we can really do is educate ourselves that there are a lot of clones and fake apps and websites that relate to crypto.


Title: Re: Ledger Phishing site, one of the oldest, but still malicious and effective
Post by: DdmrDdmr on December 09, 2020, 06:45:09 PM
What this malicious site seemingly does, is clone Ledger’s real website, keeping most of the pointers still redirecting to the proper site, except for the download options related to Ledger Live for Desktops, where the file you’ll obtain is downloaded from their own website (i.e. not redirected to the original site). Specifically, all three entries (Windows app, Mac app, Linux app) point to the same file (each entry should link to a different platform-based file).

I’ve carefully downloaded the file (not a recommended practice), and VirusTotal does not report anything on the file itself. In fact, it has exactly the same file information as the download from the legit Ledger site. I've checked the SHA-512 for the downloaded file from both the legit site and the cloned site, and the file currently renders the same SHA-512 in both cases:

861bce8795f50c0b545ba8a51047f8e7b3ba38fdacefc3eb2eebbcda4b8d68ff1999af4df3f57596d770bcb7cc821449c6b675edf40d309e7da0437a9611b84c

Which is correct according to https://ledger-live-tools.now.sh/lld-signatures, where I arrived from within https://github.com/LedgerHQ/ledger-live-desktop.

It is seemingly pointing currently to the proper version, but that can be changed in a second, and a rogue version could be deployed instead anytime.
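
The check described in the post above, as an added example that is not part of the original post and is not Ledger's own tooling: hash the downloaded installer and compare it with a SHA-512 digest obtained from a source independent of the download page, tolerating the whitespace a forum inserts into long hex strings. The file name and contents are constructed stand-ins; the demo also shows the file being swapped after a first successful check.

```python
import hashlib
import hmac
import string
import tempfile
from pathlib import Path

SHA512_HEX_LEN = 128  # 512 bits written as hexadecimal


def normalize_digest(text: str) -> str:
    """Remove whitespace that forums and e-mail insert into long hex strings."""
    digest = "".join(text.split()).lower()
    if len(digest) != SHA512_HEX_LEN or any(c not in string.hexdigits for c in digest):
        raise ValueError("not a SHA-512 hex digest")
    return digest


def sha512_of(path: Path, chunk_size: int = 1 << 20) -> str:
    """Hash the file in chunks so a large installer need not fit in memory."""
    h = hashlib.sha512()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path: Path, published_digest: str) -> bool:
    """True only if the file matches the digest taken from a trusted source."""
    expected = normalize_digest(published_digest)
    return hmac.compare_digest(sha512_of(path), expected)


def demo() -> tuple:
    # Constructed stand-in for an installer; not a real Ledger Live build.
    with tempfile.TemporaryDirectory() as tmp:
        installer = Path(tmp) / "installer.bin"
        installer.write_bytes(b"constructed installer bytes")
        good = hashlib.sha512(b"constructed installer bytes").hexdigest()
        wrapped = good[:79] + " " + good[79:]  # mimic a forum line wrap
        ok_before = verify_download(installer, wrapped)
        # The hosting site replaces the file after the first check.
        installer.write_bytes(b"constructed installer bytes, swapped later")
        ok_after = verify_download(installer, wrapped)
        return ok_before, ok_after


if __name__ == "__main__":
    print(demo())
```

A match only covers the bytes hashed at that moment, so the comparison has to be repeated for every download.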


Title: Re: Ledger Phishing site, one of the oldest, but still malicious and effective
Post by: Upgrade00 on December 09, 2020, 07:14:44 PM
Quote from: DdmrDdmr
It is seemingly pointing currently to the proper version, but that can be changed in a second, and a rogue version could be deployed instead anytime.

This is very deceptive and could also be very effective in facilitating a scam. If they give legit information most of the time, visitors would trust the website and can even pass it off as the legitimate one; through this they build reputation and also popularity by gaining organic traffic.
So, whenever the site turns malicious, users may have already let down their guard.

Quote from: The Cryptovator
The domain name is quite confusing; such a domain should be bought by Ledger before scammers, so scammers wouldn't be able to buy it.

Such clone websites pop off every now and then, each with a bit of similarity to the original. I do not think Ledger can buy them all up, and even if they could, it could serve as an incentive for scammers to try and clone more domains. Much better to report them and get them taken down.