Bitcoin Forum

I recently received an email titled Ledger Exploit Fixed: CVE-2025-3847. I read that email and thought for a while that it must be genuine. But when I receive such emails, I am a little more careful to verify whether it is genuine or not. So after examining this email in detail, I found that this is a dangerous move by scammers, a little carelessness can turn into a nightmare for a crypto user. This is not an official email, if you pay attention carefully, you will understand. So, those of you who receive these emails, never click on the link, as doing so can make you a victim of phishing.

https://i.postimg.cc/PrQ3JhyZ/IMG-20251107-WA0000.jpg

Scammer's Email Address :
https://i.postimg.cc/pVYYYCF1/IMG-20251107-WA0001.jpg

If you click on the link in the email, the website will first tell you that there is a new update available for your ledger, so connect your ledger for security reasons! And this is the final stage of scammers' attempts to scam a ledger user. So never connect your ledger to this fake website, it is a phishing website created by scammers to hack your wallet. Always be careful before connecting your ledger wallet to any site to see if that website is genuine or not.

Website Link :

https://i.postimg.cc/T17cj24q/IMG-20251107-WA0002.jpg

Virustotal Report : https://www.virustotal.com/gui/url/d48995e4130b6711b3d5162b13c7da9cc3500d738968f8add64c0b95aeea6951

It seems that this email: @royalcanin.com is known scammer selling fake pet food.
How this scammer changed his target to crypto users: they mainly target pet owners to sell fake pet food.

This is how scammers can easily think of any ways just to find a victim, even if the site isn't related to crypto.

The world is innovative either in the good or bad way ironically, and scammers aren't an exception on this innovation. When a business is not really profitable or when someone a better business, they opt for it or do both and this is a similar scenario with this scammer.

While he/she switched targets they are still scammers and the fact that they are switching to the crypto space shows why we ourselves shouldn't slack off but rather be innovative and informative on the latest scams and how to prevent those around you and yourself for becoming victimized.

Is your e-mail publicly known? If not, then either these hackers got it from a data leak (probably bought from some hacker from the dark web) or one of the sites you signed up for sold your info.
Quite weird you got that phishing e-mail, 'cause I didn't even though my e-mail is plastered everywhere (not that I wanted one), especially in this forum.  :o

I was supposed to post something similar to this topic, but fortunately, I saw the subject.

What I experienced is like this. I received an email titled "Security Patch: CVE-2025-4781" from a Verified Account named Ledger. It was pretty obvious it was a phishing email, but it could still fool someone.

https://talkimg.com/images/2025/11/07/U6caqb.png

With the checkmark like that and the way it looks, it really looks professionally made.

https://talkimg.com/images/2025/11/07/U6cuJH.png

The "Open Ledger Live" button points to the URL below (I SS'd part of it, not the entire one). 

https://talkimg.com/images/2025/11/07/U6cwbg.png

I don't want to click, nor anyone should. It should be something that be aware of.

I once used this email in a Ledger campaign, and the scammers are sending Ledger phishing links in that email. So it's clear that this is a targeted attack by scammers whose database was with Ledger.

Our contact information has been leaked to scammers because hackers were able to steal our information from Ledger's database. So the emails of those who participated in any of Ledger's campaigns are still available to scammers. So they are targeting ledger users using that database, because they have contact information of ledger wallet users and participants in any of the ledger wallet campaigns.

Yes, I also received this email, I saw it now. But the link in this email is not working now, the website of the link is down.

Ledger is like a gold mine, pretty sure those emails are premium when resold to different hackers.

I agree with that, and it's good that you warned the community about this phishing email that some people might receive if their email addresses were part of Ledger’s database..

Many believe that owning a hardware wallet means they are completely safe, but their wallets could still be compromised if they trust any email they receive without verification and connect their device through those dangerous phishing links..

The message looks very convincing, especially since it includes a verification badge next to the name “Ledger,” but if we check the sender’s email address, we’ll find that it’s not official.. It is best to change this leaked email to another email address and keep it away from the public.

I am glad to hear that, and I expect they might come back again with another domain. For this reason, I need to be careful when dealing with emails.. Also, it would be positive to report these phishing domains as soon as we see them, because doing so will help protect many people from falling victim.

Scammers targeting Ledger customers is a scenario we have seen and talked about a million times over. Ever since Ledger lost their customer database, the attacks have been nonstop. Designed in different ways, but the goal is to steal from the person if they are gullible or ignorant to fall for it. I even remember that a couple of months ago, some scammers attacked Ledger customers through sending phishing letters to their physical mail. That was something i had never seen before.

That said, OP is good that you warned people about it. I don't expect people to fall for this kind of scams, but people fall for cheaper scams, so the warning is pertinent.

Right, this contact information belongs to crypto users who may have a good amount of cryptocurrency in their wallets. If they can trap a few of their targets, they will be able to get all their investments back. So scammers are sending emails with phishing links one after another, hoping that if a ledger wallet user makes a mistake, their planned targeted attack will be successful.

Scammers are still sending emails, but this time they have written their emails in more detail so that a ledger wallet user can easily believe that it is a real email and important. They are actually playing an emotional game with the ledger users, just one wrong move by the ledger user will make the scammers' mission successful.

https://i.postimg.cc/7hjwNWtm/IMG-20251109-WA0000.jpg


https://i.postimg.cc/FKhmGcpg/IMG-20251109-WA0001.jpg

Quite possible I guess. Its normal for emails that we frequently use. For example, my public email is used everything for casual things, and the amount of spams/phishing I get is huge. I don't even bother opening the email services app. Somewhat somehow it got exposed/leaked in a data breach or i dunno and after that don't ask what happened. I had to basically stop using that email for things involving money, like registering to a CEX. Now I just use it as a temp mail only, in in sites that I'm not comfortable putting my primary mail.  :)

When you used your main email for the ledger wallet and that database goes to hackers, there's nothing you can do. And these scammers are specifically targeting users whose contact information has been breached from the Ledger wallet database and obtained by hackers. Since this is your main email, you use it for many of your important accounts, and that's why you can't stop using this email whenever you want.

I myself use my other emails for non-important purposes that I haven't opened in years. But I have to use my main email for important work, and if my information gets leaked from that website and I become a target for hackers, there's nothing I can do.But they promised to protect my information, but they don't implement security measures to protect my information!

Typical modus operandi of scammers. They create a situation of tension and urgency for their victim and at that point many people stop thinking right and they are just trying to "save" their funds. So they follow the scammers instructions and get scammed. This is almost the same pattern scammers are using to steal from mostly the elderly through bitcoin ATM scams.

They call the victims and make up a story, one of urgency and direct them to use a bitcoin ATM to send funds to solve the urgent problem, and just like that, money gone. I really hope more people learn all these modus operandi's and never fall for them again.

Ledger's phishing link emails have stopped coming in the past few days. They may have actually found that their scamming tactics have been exposed here. Which is a good sign for crypto users' wallet security. However, I think the scammers have temporarily stopped their activities, they will come up with new tactics again and try to attack ledger wallet users on a larger scale. Therefore, everyone should be careful and check any email carefully before opening it to stay safe from scammers.

it's good you posted about it here, we can never have enough warnings, but i doubt it did anything to stop them. more likely their email server, or whatever service they were using to send those mass phishing emails got suspended.

people also need to understand that hardware wallets (or any other non custodial wallet) will never email you to "update your firmware", if there is an update, you will only see it on the app when you plug in the wallet.

It's good that Gmail is marking these phishing emails as phishing and is giving users a warning that personal data is being stolen through these emails. However, I think Gmail should have given this warning earlier, because scammers have been doing this phishing attack for a long time, so many people may have already fallen into the scammers' trap.

https://i.postimg.cc/brff1VJ7/Screenshot-20251124-001249-Chrome.jpg