Scam Emails Target Ledger Users with Fake ‘Ledger Clear Signing’ Feature
Ledger
Phishing
Phishing scams
The emails include a malicious link that directs users to a fraudulent website.
Last updated:
October 15, 2024 09:52 EDT
Author
Ruholamin Haqshanas
Author
Ruholamin Haqshanas
About Author
Ruholamin Haqshanas is a contributing crypto writer for CryptoNews. He is a crypto and finance journalist with over four years of experience. Ruholamin has been featured in several high-profile crypto…
Author Profile
Share
Copied
Last updated:
October 15, 2024 09:52 EDT
Why Trust Cryptonews
With over a decade of crypto coverage, Cryptonews delivers authoritative insights you can rely on. Our veteran team of journalists and analysts combines in-depth market knowledge with hands-on testing of blockchain technologies. We maintain strict
editorial standards
, ensuring factual accuracy and impartial reporting on both established cryptocurrencies and emerging projects. Our longstanding presence in the industry and commitment to quality journalism make Cryptonews a trusted source in the dynamic world of digital assets.
Read more about Cryptonews
A new wave of phishing emails is targeting Ledger hardware wallet users in an attempt to steal their cryptocurrency.
The fraudulent messages aim to deceive users into activating a fake security feature called “Ledger Clear Signing,” which scammers claim is necessary for continued use of Ledger devices.
The
phishing campaign
, with a deadline set for October 31, warns users that failing to activate this feature will prevent them from using their devices securely.
Phishing Emails Direct Users to Malicious Website
The emails, which are not sent from official Ledger addresses, include a malicious link that directs users to a fraudulent website.
“To continue using your Ledger device securely, activating Clear Signing is mandatory starting November 1, 2024. This feature is essential in protecting your assets from phishing attacks and fraudulent activities that are becoming more sophisticated,” the phishing message reads.
Phishing scams are designed to trick victims into revealing sensitive information, such as private keys or passwords, which can give scammers access to their cryptocurrency wallets.
In this case, the goal is to mislead users into clicking on a link and providing access to their Ledger wallet, allowing the attackers to drain their crypto holdings.
Thomas Roccia, a senior threat researcher at Microsoft, described the current email campaign as a “very clean Ledger scam.”
Roccia pointed out that the scam link redirects users to a URL that has no affiliation with Ledger, further emphasizing the importance of avoiding suspicious links.
Phishing attacks in the crypto space are becoming more frequent and costly.
In May 2024, a high-profile phishing scam resulted in a trader losing $71 million worth of cryptocurrency.
Such incidents highlight the growing sophistication of phishing tactics and the substantial financial losses that can occur.
Crypto Users Lose $46M to Phishing Scams in September
Phishing
attacks remain a major issue
for crypto users, resulting in substantial losses.
In September alone, more than 10,000 individuals lost over $46 million to such scams, as reported by Scam Sniffer, a Web3 anti-scam platform.
The platform revealed that 10,805 victims suffered losses amounting to $46.7 million from various crypto phishing scams last month.
Just recently, it was revealed that cybersecurity scammers are
using automated email replies
to compromise systems and deliver stealthy crypto mining malware.
This comes on the heels of another malware threat identified in August.
The “Cthulhu Stealer,” which
affects MacOS systems
, similarly disguises itself as legitimate software and targets personal information, including MetaMask passwords, IP addresses, and cold wallet private keys.
In another instance, a fraudulent crypto
wallet app on Google Play
has stolen $70,000 from users in a sophisticated scam that has been described as a world-first for targeting mobile users exclusively.
The malicious app, named WalletConnect, mimicked the reputable WalletConnect protocol but was, in fact, a sophisticated scheme to drain crypto wallets.
Follow us on Google News