[WARNING] Ledger Phishing Emails

[crwth]

What happened: Email received from help@solofunds.com pretending to be Ledger live.

I remember an issue where customer databases were leaked or hacked (?). I am not sure, but I have received this, and it has the correct information on me down to the address. Be careful about this.

Don't click on suspicious emails. Verify the sender and make sure you don't input any sensitive information.

[_act_]

This kind of phishing attack is common between just two hardware wallets among all hardware wallets that I know. This could probably be because they are the most common hardware wallet. They are Trezor and Ledger Nano.

I do not think I can get any of these hardwae wallets if I want to use a hardware. Although Trezor is better because it is open source but Ledger Nano is not open source and also have other reasons it is good not to buy such a wallet.

I will prefer to get an uncommon wallet like Passport or Keystone. But generally it is good to know how to avoid phishing attack. I do not think I have privacy when using wallet that emails are leaking to scammers.

[Coyster]

Another day, another phishing email for ledger customers. Ever since ledger's customer database was leaked some years ago, their customers keep getting attacked through phishing emails like this. Right now it should be common and easy for most of them to spot these scam emails and basically ignore them, but you will be surprised that people still fall victim to it, this is not to add that ledger is no longer a good choice of hardware wallet.

[hugeblack]

It may be better to create several aliases^[1] and email addresses that give you hundreds of temporary addresses that you can use to sign up for services and stop receiving any messages from those aliases.
Ledger has poor security and does not take into account customer privacy, so it is best to treat any message you receive from them or related to them with caution.

[1] https://proton.me/support/addresses-and-aliases

[examplens]

What happened: Email received from help@solofunds.com pretending to be Ledger live.

I remember an issue where customer databases were leaked or hacked (?). I am not sure, but I have received this, and it has the correct information on me down to the address. Be careful about this.

Don't click on suspicious emails. Verify the sender and make sure you don't input any sensitive information.

I didn't receive anything like that.
Even though someone presents themselves as Ledger, it does not necessarily mean that they are doing so based on the data leaked from their database. It could also be the db of another service.

Have you visited the solofunds.com site, the domain from which the email address was used?
As far as I understand, they deal with lending and borrowing. This raises a red flag over them because in both cases. If they plan to send such phishing emails, it marks them as scammers. Also, if they have nothing to do with the email you received, it means that their security has been breached and a third party has access to the email server, and maybe more.

[JeromeTash]

The fact that they were even able to mention the name you had used in the email means that your information probably leaked via database breach or any other service you probably signed up before. You can try checking that said email address through this site: https://haveibeenpwned.com/

[Lucius]

Considering that about three hundred thousand or so (I can't remember) customer data was leaked, including name, surname, address and phone number, this is just one in a series of attacks that will probably not stop as long as people use these devices. Usually such emails end up in the spam folder, and if someone receives them in their main inbox, they should do others a favor and mark them as spam.

I think that I have long ago filtered all e-mails that contain keywords Ledger, so that even legitimate e-mails from that company do not arrive in my inbox.

[crwth]

This kind of phishing attack is common between just two hardware wallets among all hardware wallets that I know. This could probably be because they are the most common hardware wallet. They are Trezor and Ledger Nano.

I do not think I can get any of these hardwae wallets if I want to use a hardware. Although Trezor is better because it is open source but Ledger Nano is not open source and also have other reasons it is good not to buy such a wallet.

I will prefer to get an uncommon wallet like Passport or Keystone. But generally it is good to know how to avoid phishing attack. I do not think I have privacy when using wallet that emails are leaking to scammers.

I didn't get any spam with my Trezor, and I also have it. I don't think Trezor's customer base was leaked. Not that it's the most common, but it was leaked. No connection, whether they are familiar or uncommon. You cannot control once they have leaked the database.

Another day, another phishing email for ledger customers. Ever since ledger's customer database was leaked some years ago, their customers keep getting attacked through phishing emails like this. Right now it should be common and easy for most of them to spot these scam emails and basically ignore them, but you will be surprised that people still fall victim to it, this is not to add that ledger is no longer a good choice of hardware wallet.

I don't think having them do a bad thing with their security with database has anything to do with the hardware wallet. The hardware wallet that I got is good, and I still use it. It's a good HW, IMO, but the part where the leaked information is just sad.

It may be better to create several aliases^[1] and email addresses that give you hundreds of temporary addresses that you can use to sign up for services and stop receiving any messages from those aliases.
Ledger has poor security and does not take into account customer privacy, so it is best to treat any message you receive from them or related to them with caution.

[1] https://proton.me/support/addresses-and-aliases

I do this now, especially with the hide my email feature by iCloud because it's automatic when I register using my phone. When that happened, I wasn't really into getting more protection on my email, etc. Thanks for the suggestion.

I didn't receive anything like that.
Even though someone presents themselves as Ledger, it does not necessarily mean that they are doing so based on the data leaked from their database. It could also be the db of another service.

Have you visited the solofunds.com site, the domain from which the email address was used?
As far as I understand, they deal with lending and borrowing. This raises a red flag over them because in both cases. If they plan to send such phishing emails, it marks them as scammers. Also, if they have nothing to do with the email you received, it means that their security has been breached and a third party has access to the email server, and maybe more.

Were you also part of the database leak? It is also possible that somebody bought that information from the hackers who got it, but it's sad that there are still concerns about this up until now.

I don't know what Solofunds is, and I didn't try to check the website as well. I don't want to have anything to do with a buyer of data or a possible scam.

The fact that they were even able to mention the name you had used in the email means that your information probably leaked via database breach or any other service you probably signed up before. You can try checking that said email address through this site: https://haveibeenpwned.com/

I know I was already a part of it long ago. That news was surprising, and I was surprised there is still something like this.

Considering that about three hundred thousand or so (I can't remember) customer data was leaked, including name, surname, address and phone number, this is just one in a series of attacks that will probably not stop as long as people use these devices. Usually such emails end up in the spam folder, and if someone receives them in their main inbox, they should do others a favor and mark them as spam.

I think that I have long ago filtered all e-mails that contain keywords Ledger, so that even legitimate e-mails from that company do not arrive in my inbox.

I never have thought of it to filter everything like that. Hmm might give it a whirl.

[albon]

I know I was already a part of it long ago. That news was surprising, and I was surprised there is still something like this.

For your security, it would be best to leave this leaked email and create another email address and not share it in a newsletter or anything of that sort.

Although the message you received may be considered a clear phishing attempt, any hasty user can easily fall to this scam related to the Ledger update through a phishing site or any malware software. We always reiterate the need to be careful when dealing with email links and attachments.

I will report it to phishing@ledger.com so that they can take action to prevent this phishing attempt from spreading.

Update: Unfortunately, they didn't accept the screenshot I provided, so OP I request you to report and submit the phishing email in .EML or .HTML format, they need the full details including email headers.

[Coyster]

I don't think having them do a bad thing with their security with database has anything to do with the hardware wallet. The hardware wallet that I got is good, and I still use it. It's a good HW, IMO, but the part where the leaked information is just sad.

They were careless with their security and that is why their entire customer database was leaked and ever since then it has been sold and resold to bad actors who perpetrate phishing scam. Though that's not the only reason i say they are not a good option of a hardware wallet, Ledger is closed source and then they tell lies, remember the saga about ledger recover and how your seed phrase can actually be extracted from the device, these are some of the problems.

[dkbit98]

I remember an issue where customer databases were leaked or hacked (?). I am not sure, but I have received this, and it has the correct information on me down to the address. Be careful about this.

Scammers are sending phishing emails like this periodically and they are not only targeting ledger users, but I think they have a lot information about them from database leak.
My suggestion is to create new email address dedicated only for crypto related stuff, and disregard anything received on old email.
You can check if your email address was compromised at haveibeenpwned.com website.

[Zwei]

@crwth i'm curious, what steps did the phishing email want you to follow to "update your ledger"?

I don't think having them do a bad thing with their security with database has anything to do with the hardware wallet. The hardware wallet that I got is good, and I still use it. It's a good HW, IMO, but the part where the leaked information is just sad.

They were careless with their security and that is why their entire customer database was leaked and ever since then it has been sold and resold to bad actors who perpetrate phishing scam. Though that's not the only reason i say they are not a good option of a hardware wallet, Ledger is closed source and then they tell lies, remember the saga about ledger recover and how your seed phrase can actually be extracted from the device, these are some of the problems.

for real, ledger is the worst hardware wallet out there, i don't know how anyone still trusts them.
and actually, the database has not been sold and resold. back in 2020 when the hack happened, it was all published for free, and it's still all available on the internet if you know where to look.

[crwth]

Although the message you received may be considered a clear phishing attempt, any hasty user can easily fall to this scam related to the Ledger update through a phishing site or any malware software. We always reiterate the need to be careful when dealing with email links and attachments.

I will report it to phishing@ledger.com so that they can take action to prevent this phishing attempt from spreading.

Update: Unfortunately, they didn't accept the screenshot I provided, so OP I request you to report and submit the phishing email in .EML or .HTML format, they need the full details including email headers.

Thanks for this information. I just have emailed that phishing email to ledger and I hope they have somehow a solution to this or something. I will update here once there's a reply.

I don't think having them do a bad thing with their security with database has anything to do with the hardware wallet. The hardware wallet that I got is good, and I still use it. It's a good HW, IMO, but the part where the leaked information is just sad.

They were careless with their security and that is why their entire customer database was leaked and ever since then it has been sold and resold to bad actors who perpetrate phishing scam. Though that's not the only reason i say they are not a good option of a hardware wallet, Ledger is closed source and then they tell lies, remember the saga about ledger recover and how your seed phrase can actually be extracted from the device, these are some of the problems.

I see. I see where you are coming from. They certainly need to resolve or listen to some users that would prefer open source or something.

Scammers are sending phishing emails like this periodically and they are not only targeting ledger users, but I think they have a lot information about them from database leak.
My suggestion is to create new email address dedicated only for crypto related stuff, and disregard anything received on old email.
You can check if your email address was compromised at haveibeenpwned.com website.

That was the time I was still using one email address. Phew. It's going to be a problematic one because this email is important but just applying it in the future registrations etc.

@crwth i'm curious, what steps did the phishing email want you to follow to "update your ledger"?

Here is the next part.


The button goes to a very suspicious-looking link lol.

[Lucius]

For your security, it would be best to leave this leaked email and create another email address and not share it in a newsletter or anything of that sort.
~snip~

Why would the OP's security be compromised by phishing emails if he is fully aware of how to deal with them? Most of such e-mails go directly to the spam box anyway, and it is even possible, as I mentioned before, to add a keyword filter so that, for example, all e-mails containing the keyword Ledger end up in the spam box.

Create rules to filter your emails

@crwth i'm curious, what steps did the phishing email want you to follow to "update your ledger"?

Here is the next part.

The button goes to a very suspicious-looking link lol.

According to the instructions, it seems that the goal is for the "client" to connect their HW to the fake Ledger Live, and I assume that the goal of this fake LL is to trick any naive person into entering their seed at some point. When someone does that, it's game over - because the last step says to disconnect your HW and check if it's working properly, and while someone checks if everything is working properly, the hacker empties all wallets, starting with the most valuable ones.

[Zwei]

For your security, it would be best to leave this leaked email and create another email address and not share it in a newsletter or anything of that sort.
~snip~

Why would the OP's security be compromised by phishing emails if he is fully aware of how to deal with them? Most of such e-mails go directly to the spam box anyway, and it is even possible, as I mentioned before, to add a keyword filter so that, for example, all e-mails containing the keyword Ledger end up in the spam box.

Create rules to filter your emails

i would argue that even if he is fully aware of this, all it takes is a very convincing email that does not go spam (doesn't necessarily need to be ledger related), a moment of carelessness due to urgency or simply not paying close attention to fall victime to it.
better be safe than sorry imo, so it's better to abandon the email completely or at least stop using it for anything important.

[crwth]

According to the instructions, it seems that the goal is for the "client" to connect their HW to the fake Ledger Live, and I assume that the goal of this fake LL is to trick any naive person into entering their seed at some point. When someone does that, it's game over - because the last step says to disconnect your HW and check if it's working properly, and while someone checks if everything is working properly, the hacker empties all wallets, starting with the most valuable ones.

I like how subtly they used words like "secure computer" making you feel like what you are doing is secure. It's all about the wordings and mind tricks scammers use to get money. I didn't want to click any links at all so, I don't know the next step has in store.

Does anybody want to try???  ^{This is a joke only don't take it seriously}

i would argue that even if he is fully aware of this, all it takes is a very convincing email that does not go spam (doesn't necessarily need to be ledger related), a moment of carelessness due to urgency or simply not paying close attention to fall victime to it.
better be safe than sorry imo, so it's better to abandon the email completely or at least stop using it for anything important.

A convincing email is probably their tactic; it is quite convincing, additionally, with the details that they have on you. It adds more to the hype, and I do believe that people can get victimized like this. That's why I'm still waiting for the Ledger report with the report I made. They still have yet to reply on this issue.

[Lucius]

I like how subtly they used words like "secure computer" making you feel like what you are doing is secure. It's all about the wordings and mind tricks scammers use to get money. I didn't want to click any links at all so, I don't know the next step has in store.
Does anybody want to try???  ^{This is a joke only don't take it seriously}
~snip~

Even if someone is careless and clicks on the link, and starts the process, at the moment they are asked to type in the seed, they should probably remember that the seed is not entered anywhere else except in the hardware wallet. As far as I remember, that notice comes in the instructions with the device, it's on their official website, and it's a well-known warning in the world of cryptocurrencies.

If someone ignores all warnings and common sense, unfortunately, they cannot be helped - which only proves that people are the weakest link in the safety chain.

However, I want to mention that it is possible that hackers have found (or will succeed in the future) to hack HW remotely, so just connecting the device to the fake UI will be fatal.

[crwth]

Even if someone is careless and clicks on the link, and starts the process, at the moment they are asked to type in the seed, they should probably remember that the seed is not entered anywhere else except in the hardware wallet. As far as I remember, that notice comes in the instructions with the device, it's on their official website, and it's a well-known warning in the world of cryptocurrencies.

If someone ignores all warnings and common sense, unfortunately, they cannot be helped - which only proves that people are the weakest link in the safety chain.

However, I want to mention that it is possible that hackers have found (or will succeed in the future) to hack HW remotely, so just connecting the device to the fake UI will be fatal.

That should be fixed in all of us. People involved in cryptocurrencies should be vigilant with anything remote like that. I don't think it's possible to have hackers do it remotely because the generation of the seed is offline. It is on the device, and it's not programmed to transmit any of it IIRC. So I don't think it's possible to be remotely hacked. Maybe bypass the software of the Ledger itself while it's still connected? I hope that doesn't happen.

[NotATether]

The database must have been sold or even given away on hacker forums so now people are trying all of these diabolical strategies on those customers to try to steal their moeny.

Unfortunately the only way to completely stop this is to get a brand new email address and maybe even a new phone number and residential address if it goes to the extreme.

[Lucius]

That should be fixed in all of us. People involved in cryptocurrencies should be vigilant with anything remote like that. I don't think it's possible to have hackers do it remotely because the generation of the seed is offline. It is on the device, and it's not programmed to transmit any of it IIRC. So I don't think it's possible to be remotely hacked. Maybe bypass the software of the Ledger itself while it's still connected? I hope that doesn't happen.

Don't you know about the Recovery option that Ledger has been offering for some time? If it is possible for the user's seed to be sent from his device to third parties, then the possibility that hackers find a way to intercept such communication or hack Recovery and send the seed to themselves should not be ruled out. A device that has the ability to share a seed with someone is anything but a secure device.

The database must have been sold or even given away on hacker forums so now people are trying all of these diabolical strategies on those customers to try to steal their moeny.
~snip~

Either you are not at all aware of what happened or you forgot, that database you are talking about was practically published publicly on several forums after the incident - anyone could have downloaded it and I have no doubt that it can still be found online today. Of course, this database is used for phishing, but it is much more dangerous when it comes to physical attacks because it contains the addresses of buyers of their devices.