Ledger hack / phishing scam

You Got P4wn3d! GAME OVER

Sunday, December 13, 2020

The big crypto-coin forefather has been quite prominent in the news lately. A lot of malicious actors have been targeting crypto n00bs for would-be gains. The French company that makes hardware wallets called Ledgers were targeted by hackers in the last few months. And these hackers exploited a vulnernerability in the site and created a security breach that compromised and leaked nearly 86,000 email addresses on the company’s customer list according to FXStreet. Fake email letters were sent out that accounts were compromised and asking users to reset PINs and click on links to do so. HOWEVER, there were subtle hints in the letters that these were actually scam letters and NOT legitimate. The letters including mispellings and odd formed links. Ledger confirmed another mass email weeks later from bad actors attempting to bilk users out of their earnings and crypto. Accordingly it was found out that a marketing database was hacked and the API interface vulnerability may have allowed up to almost a million emails to be stolen.
Our take: with so many people wanting a hand in the honeypot it may be not too long before businesses, banks, and hackers (including state-sponsored ones) will show up wanting a piece of the pie. Everyone wants a way to control it.

People in crypto should be extra careful with emails, social media, browsers and search engines.

Bad actors can completely duplicate webpages to mimic appearances of official sites.

  • Don’t give anyone your recovery phrase.
  • Beware of fake social media or fake live video streams and fake Chrome applications.
  • Be careful of fake recovery apps.
  • If you come across a potentially malicious site as flagged by your browser then exit the site.
  • Be careful of fake deactivation emails and texts warning you of some action or need to visit a reset link. One of the weakest points happen when human intervention is involved such as clicking links and resetting PINs. Sometimes the best thing to do is just not take action and not clicking or resetting.

In the case of the hardware wallet there are also fake emails stating money was sent but you suspect money never really was sent. The email directs you to click a link to go cancel the transfer and you have no recollection of any such transaction. Or it could be a login warning. Avoid clicking anything if things just don’t sound right. Often these phishing emails play on fear and taking immediate action to correct the idea of lost funds. But before you connect your app or wallet or try to sync and reset anything, do know that the best thing is to think logically and critically if someone is trying to get you to take action and mess you up.

  • Also consider bookmarking official sites. There are many spoofed fake sites.
  • Another thing is to beware of keyloggers that may be downloaded on a site that capture your password.

With crypto, a lot of the emails prey on people trying to become compliant or not get deactivated. But really if your funds sit in your wallet and you don’t give anyone your personal codes of any kind or connect to any hardware or link up with external method then it’s most likely safe.

Remember, don’t get scammed and watch your shoulder. Some bro may be watching you.

Author: savvywealthmedia

Leave a Reply

Your email address will not be published. Required fields are marked *