Bitcoin Forum
Author Topic: LedgerBot - New phishing on Ledger  (Read 130 times)
bitmover
July 29, 2019, 03:27:37 PM
Merited by bones261 (2), The Pharmacist (2), DaveF (2), hugeblack (1)
 #1

I saw this on Reddit. Some people have been robbed already.
https://www.reddit.com/r/ledgerwallet/comments/cj9xo0/new_ledger_bot_trying_to_obtain_private_key_and/



Never write the seed you received from your hardware wallet device anywhere, just on paper. Never on a computer or phone.

GreatArkansas
July 29, 2019, 10:45:59 PM
 #2

So this is someone who is not connected to Ledger Wallet nor on their development team, right?
As the Ledger CTO said, we can easily report the user /u/LedgerBot.
bob123
July 30, 2019, 08:00:53 AM
 #3

Do you have any more information regarding the URL?

Does it only display ledger.com but link to a completely different site? Is this even possible on Reddit?
Or was there some kind of advanced attack (spoofing of any kind, etc.)?

I wasn't able to gather anything related to that from the reddit post.

BitCryptex
July 30, 2019, 08:31:53 AM
Merited by bob123 (1)
 #4

Quote from: bob123
Do you have any more information regarding the URL?

Yes, it was a hyperlink. This user clicked on https://www.ledger.com/helpdesk/bip39tool/ but in fact he accessed a different website. If he had copied the address manually or moved his mouse cursor over the link, he would have noticed that something was wrong. The user did not check the address bar immediately after accessing the website.
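
The mismatch described in the reply above, where the link text shows one address and the hyperlink goes to another, can be checked mechanically. This is an added example, not part of the original thread: it assumes Reddit-style Markdown links of the form `[text](url)`, and the function names and the `.example` target host are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Markdown inline link: [visible text](target)
MD_LINK = re.compile(r"\[([^\]]+)\]\(\s*(\S+?)\s*\)")
# Visible text that itself looks like a URL or a bare hostname
URLISH = re.compile(r"^(?:https?://)?[a-z0-9-]+(?:\.[a-z0-9-]+)+(?:[/:?#].*)?$", re.I)


def host_of(url):
    """Lower-cased hostname of a URL, tolerating a missing scheme."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def same_site(shown, actual):
    """True if the real host is the shown host (minus a leading www.) or a subdomain of it."""
    shown = shown[4:] if shown.startswith("www.") else shown
    return actual == shown or actual.endswith("." + shown)


def mismatched_links(markdown):
    """Return (visible_text, target_url, shown_host, real_host) for links whose
    visible text names one host while the target points at an unrelated one."""
    findings = []
    for text, target in MD_LINK.findall(markdown):
        text = text.strip()
        if not URLISH.match(text):
            continue  # plain anchor text such as "docs": no displayed host to compare
        shown, actual = host_of(text), host_of(target)
        if not same_site(shown, actual):
            findings.append((text, target, shown, actual))
    return findings


# Constructed sample comment. The .example target is a placeholder,
# not the host used in the incident discussed in this thread.
SAMPLE = (
    "Use the official tool: "
    "[https://www.ledger.com/helpdesk/bip39tool/](https://ledger-helpdesk.example/bip39tool/) "
    "and see the [docs](https://support.ledger.com/) or "
    "[ledger.com](https://shop.ledger.com/products)."
)

if __name__ == "__main__":
    for text, target, shown, actual in mismatched_links(SAMPLE):
        print(f"shows {shown!r} but goes to {actual!r}: {target}")
```

Only the first link in the sample is flagged; the subdomain link and the plain-text link pass, and a look-alike target such as `ledger.com.attacker.example` is also flagged because the comparison is on the end of the hostname.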

Lucius
July 30, 2019, 09:30:02 AM
 #5

I reported the same thing on 19 July in this thread; it is the same type of attack with only slightly differently formatted instructions. It all comes down to trying to convince an inexperienced user to type his 24 word seed in some fake tool.

I guess hackers will try with this attack on Reddit as long as there is some success for them, and creating new accounts and posting is free.

Pmalek
July 30, 2019, 09:33:38 AM
 #6

Unknowing users are making it so easy for these scammers. It is stated everywhere that your seed words should be written down by hand and stored in a safe place. It should never be uploaded or stored online for any reason. And that is exactly what people do. All the scammers need to do is make up a new story why you need to send them your seed and it will work.

The Pharmacist
July 31, 2019, 05:06:59 PM
 #7

Quote from: BitCryptex
Yes, it was a hyperlink. This user clicked on https://www.ledger.com/helpdesk/bip39tool/ but in fact he accessed a different website. If he had copied the address manually or moved his mouse cursor over the link, he would have noticed that something was wrong. The user did not check the address bar immediately after accessing the website.

Holy crap.  And OP, thanks for posting the warning.  I've owned a Ledger for about a month now, so I've been reading stuff in this section about it and could well have fallen for the same thing.

Quote from: Pmalek
It is stated everywhere that your seed words should be written down by hand and stored in a safe place. It should never be uploaded or stored online for any reason.

That's probably the only reason I wouldn't have gotten scammed, because I'm not entering my seed phrase onto anything anytime soon, but I suspect if my Ledger breaks or something like that I'll eventually have to.  Good to know about these sorts of scams.

Quote from: Lucius
I guess hackers will try with this attack on Reddit as long as there is some success for them, and creating new accounts and posting is free.

Freakin' Reddit, man.  I avoid them like the plague, even if there's occasionally some good information posted there about crypto.  Don't know exactly why, but that entire site gives me a very bad vibe.

o_e_l_e_o
July 31, 2019, 06:18:01 PM
 #8

Quote from: The Pharmacist
That's probably the only reason I wouldn't have gotten scammed, because I'm not entering my seed phrase onto anything anytime soon, but I suspect if my Ledger breaks or something like that I'll eventually have to.

If you do ever have to enter your mnemonic phrase into any electronic device, regardless of how secure you think it may be, best practice is to assume it will immediately be compromised. On the one occasion I have had to do it, I had a new wallet already set up, with a new mnemonic phrase written down and stored securely, and a receiving address ready to go. As soon as I restored my old wallet, I immediately swept everything it contained to the new wallet.

You can't be too safe when dealing with your mnemonic phrase. If you have entered your phrase somewhere in the past, and think no one has access because your coins haven't been stolen yet, they might simply be watching and waiting for you to make a larger deposit. Would you bet all your wallet's contents on it being safe?
