New Ledger phishing mail targets individual users

[Pmalek]

@jerry0
The mails might have gotten into your spam folder. Unless you check it regularly, they get deleted after a week or two, depending on the client.
It is just a coincidence that users lost XRP. That coin is surely not targeted for some reason.
Yes, users received a link telling them to download a new version of the software. Once installed, it asked users to enter their 24-word seeds. Those who did, sent their seed to the hackers.

Your seed and private keys are kept on your hardware wallet, even if your computer is compromised. Nobody can access assets on a crypto wallet remotely because they need to to confirm transactions by pressing the buttons on the hardware device. This can only be done by the person in possession of the wallet, not via the Internet.  

[1713861951]

1713861951

[1713861951]

1713861951

[1713861951]

1713861951

[1713861951]

1713861951

[bob123]

It is just a coincidence that users lost XRP. That coin is surely not targeted for some reason.
Yes, users received a link telling them to download a new version of the software. Once installed, it asked users to enter their 24-word seeds. Those who did, sent their seed to the hackers.

The attack:

• A phishing mail targeting badly informed user to retrieve a hardware wallet mnemonic code.

The targeted Coin:

• A coin which is a fully centralized shitcoin no sane and informed person would buy.

There might be some correlation 

[LTU_btc]

Few days ago I also got almost same email. Only diference from message in OP is sender address is legdersupport.com and number of customers is changed from 85 000 to 81 000. I almost immediately realised that something is wrong with this message because it was in my spam folder, while usually messages from Ledger is shown in my main folder.
Anyway, it's very typical phishing attack, not the primitive one, but not the most sophisiticated. Only difference  that they used database from Ledger to send these emails, while usually such data is collected from other sources, like phishing websites, sold email databases and etc.

[Lucius]

Few days ago I also got almost same email.

I haven't received anything yet (email or SMS) yet, but even if that happens we all know that the danger exists only for those unfamiliar with the basics. I don't think most users will even see such e-mails because, as in your case, they usually end up in a spam folder - and when it comes to text messages, most smartphones have the option to block calls or messages from unknown numbers - which is not only useful in this case, but generally if you receive a lot of SMS spam.


Recently there was news that as many as 23 600 databases were publicly available for several hours to download, so although it is not directly related to Ledger hack - check your accounts and change passwords if necessary.

[Pmalek]

New phishing attempts are being sent out. This time the scammers are claiming that someone tried to log in to your Ledger account from an unknown Ledger Nano hardware wallet. The sign in attempt came from Russia they say. Users are being recommended to cancel device authorization from the account settings. And there is a cancel button that seems to redirect to a google.doc document.

This is how it looks:
 

[bob123]

~snip~

Wow.. people have to be extremely uninformed to fall for something like that.. @ledger.com-e8-encryption-s24.email-n2-alert.app.. really? 

People who still think there are "ledger accounts" with a hardware wallet.. are lost.
They will get compromised. Maybe not with this phishing mail, maybe not with the next.. but with some other in the future..

[btcwish1]

New phishing attempts are being sent out. This time the scammers are claiming that someone tried to log in to your Ledger account from an unknown Ledger Nano hardware wallet. The sign in attempt came from Russia they say. Users are being recommended to cancel device authorization from the account settings. And there is a cancel button that seems to redirect to a google.doc document.

This is how it looks:
 

Yes I got this email as well.

I am worried that some newbies of hardware wallet may fall for this type of email. I have seen lot of phishing emails before from different companies but these ledger phishing emails really do like original!

[Pmalek]

Is there even something that resembles device authorization in the account settings on Ledger Live? I don't have access to the PC I have Ledger Live installed on at the moment so I can't check. I know Ledger is compatible with the Fido U2F app. Maybe they are asking users to disable login access to other devices. I haven't used the U2F app so not sure how it works.

[dkbit98]

I am reading one 'nice' thank you letter from one of the ledger customers on reddit:

Thank you Ledger
Since the loss of personal data by Ledger this summer, I have received numerous emails trying to gain access to my ledger.

Couple of days ago, I first got a text claiming a breach of the ledger and an additional link. Which makes it very clear where this data came from... I've seen a post with the same text on this page before.

I would like to take this opportunity to thank the Ledger team for taking good care of the personal data that they receive, especially since they operate in such a sensitive market (finance) and the fact that they informed numerous malicious actors that I have a ledger and probably some crypto, and my email, phone number and possibly home address.

Hey at least I got some sort of apology I guess.

Thank you Ledger.

https://www.reddit.com/r/ledgerwallet/comments/k3vp08/thank_you_ledger/

Hackers are now sending google maps link of your home address! 👀 to scare more people

New phishing attempts are being sent out. This time the scammers are claiming that someone tried to log in to your Ledger account from an unknown Ledger Nano hardware wallet. The sign in attempt came from Russia they say. Users are being recommended to cancel device authorization from the account settings. And there is a cancel button that seems to redirect to a google.doc document.

I expect to see more attempts like this from hackers to pair growing discounts from ledger.
They need new customer data as soon as possible.

[btcwish1]

Yet another phishing email today. it is just not stopping:

[suchmoon]

My hardware wallet has been deactivated and I need to pass KYC, a very helpful text message told me today, addressing me by my full name.

[Csmiami]

My hardware wallet has been deactivated and I need to pass KYC, a very helpful text message told me today, addressing me by my full name.

Haven't you heard? New Ledger devices will come with a camera for face ID and a fingerprint scanner for fingerprint ID too!


Shouldn't have joked about that; now I have received that same SMS....

Funny thing is it's been sent by KYC, not by LEDGER (like the previous one)

[suchmoon]

Haven't you heard? New Ledger devices will come with a camera for face ID and a fingerprint scanner for fingerprint ID too!

I thought the device itself is a disguised anal probe so I got very excited... alas, they just wanted me to tap a very legit-looking link like ledger.com-send-us-all-your-personal-data-and-perhaps-your-seed-too-123456.app

[dkbit98]

My hardware wallet has been deactivated and I need to pass KYC, a very helpful text message told me today, addressing me by my full name.

They asked politely.
Your best solution for this 'KYC' is to change your phone number, and maybe change your name and address if there is some special witness protection program

Check out this recent comment on reddit, that makes me think how (not) secure their system still is, and maybe all this hack stuff was some inside job:

Hello, first time poster but I think this might be relevant.

I first bought a ledger nano s about two years ago and was probably not among the people that had their data leaked this summer as I never received spam/phishing messages (neither by email or sms).

Last week, during black friday I decided to pick up another ledger as backup. I took some precautions such as using an alternative email and old phone number that I barely use.

The info is completely different from the first time a bought a ledger (even the address and payment method was different).

Today, I checked for the shipping tracking on the email used specifically for the purchase. In the spam folder, I notice there was that scammy ledger message ("download the update here"). Obviously, I immediately deleted the message.

If scammers had access to my email, it means that ledger must still be leaking data as they didn't have this specific info 7 days ago.

Can Ledger please confirm this? It would be nice to know if our private data continues to be handled poorly.

You are not the first to claim real time data leaks. This is insane! They are too busy moderating this subreddit of legitimate privacy concerns than to handle shit on their end to make sure these leaks aren't occurring. Wtf do they even use for their e-commerce?? They need to be made aware of this asap as they are equally responsible.

https://www.reddit.com/r/ledgerwallet/comments/k7t6wy/is_ledger_still_leaking_data/

I will do my own testing to confirm this with new temp email.

[LTU_btc]

New phishing attempts are being sent out. This time the scammers are claiming that someone tried to log in to your Ledger account from an unknown Ledger Nano hardware wallet. The sign in attempt came from Russia they say. Users are being recommended to cancel device authorization from the account settings. And there is a cancel button that seems to redirect to a google.doc document.
This is how it looks:
https://talkimg.com/images/2023/09/10/mqLna.png

I also got similar message recently with few differencies, now they used French IP address. Yeah, it redirect to Google Docs, where link to website which claims to be Ledger.com is uploaded. But actually, it's half-broken phishing website with most of links not working.
BTW, I'm not sure that this email is related with database from Ledger. It might be just another common phishing email that we get almost daily from all kind of websites.

[Pmalek]

I will do my own testing to confirm this with new temp email.

I was curious about the same thing so I already did this two days ago.

I created a new email address and I signed up to their affiliate program on the main website. I also signed up to their newsletter. I placed a Ledger device in the shopping cart and entered my email address. I didn't finalize the purchase but the email address was added and TOS accepted, etc. Now I am waiting to see if any phishing mails will arrive.

I just checked the email address and there was only 1 new email sent from their Newsletter department telling me about the Ledger Academy, Ledger Blog, etc. No phishing emails so far. If nothing arrives in the next week, I can assume there is no ongoing data leak.

[dkbit98]

I created a new email address and I signed up to their affiliate program on the main website. I also signed up to their newsletter. I placed a Ledger device in the shopping cart and entered my email address. I didn't finalize the purchase but the email address was added and TOS accepted, etc. Now I am waiting to see if any phishing mails will arrive.

I did the same thing because I don't fully trust what other people say or write and I like to confirm for myself.

Now I am just waiting to see if hackers will send me something to play with or not.

[bob123]

No phishing emails so far. If nothing arrives in the next week, I can assume there is no ongoing data leak.

That's to be expected.

To be honestly.. if there would be an ongoing leak a.k.a. the attacker still have control over their systems, ledger would have proven to be the worst company in terms of customers data protection.

I really can't imagine that their server are still compromised, that would require some exceptionally bad incident response. Guess that's not impossible tho..

[Stalker22]

No phishing emails so far. If nothing arrives in the next week, I can assume there is no ongoing data leak.

That's to be expected.

To be honestly.. if there would be an ongoing leak a.k.a. the attacker still have control over their systems, ledger would have proven to be the worst company in terms of customers data protection.

I really can't imagine that their server are still compromised, that would require some exceptionally bad incident response. Guess that's not impossible tho..

I guess there's always the possibility of something being overlooked (the baddies are always so ingenious), for example: man-in-the-middle attack or even some sort of 'inside job'. As in the recent twitter case.
They may not even know they are leaking data. Purely speculation on my part, of course...

[HCP]

If you read the reddit threads, the Ledger staff claim that in every single case where someone has provided the appropriate details to them (ie. email address or phone number that received the phishing message), they have been able to identify that the data was already provided to them prior to the initial hack (ie. the person had already signed up for a newsletter or purchased a device using those details in the past).

It really is a "he said/she said" type situation... users claiming they received nothing until they purchased a black friday deal, then they magically start receiving messages... Ledger claiming there is no "ongoing" or "new" leak.

Having said that... I haven't purchased anything from them in over 3 years. Never received any messages/texts after the initial hack back in July/August etc... until I received the latest "We are sorry to tell you that due to the new KYC regulations, your hardware device has been deactivated." message 2 days ago. It wasn't even personally addressed, it just said: "Dear <my.email @address.com>"... so I'm not even sure if it was from the Ledger leak, or is just a semi-targeted campaign using details from one of the many crypto service hacks


Personally, I think the users saying "I got this message after buying on Black Friday" is just a timing coincidence... but that still doesn't change the fact that Ledger fucked up originally and haven't done a great job of handling it.