In recent weeks, many people have received a text message that appeared to come from Ledger but was in fact a phishing attack.
In the messages, the criminals used the name of the well-known company behind the popular hardware wallet, inviting users to update their device by following the link provided.
Following the incident, Kraken carried out an in-depth analysis, and a few days ago they released a report detailing the methodology of the attack, which involved thousands of users.
This is not a firmware vulnerability, as has happened in the past, but a phishing attack, which consists of obtaining users’ private information in order to trick them into giving up their private keys, seed and more.
The phishing attack against Ledger users
The story started with one or more data breaches suffered by Ledger, in which thousands of records ended up in the hands of criminals. The leaked data also included phone numbers, since some users received an SMS directly on their number.
9500 users were affected by this phishing attack.
In the e-mail variant, the sender address did not raise even the slightest suspicion: “[email protected]” seemed legitimate because most crypto platforms use that type of extension.
The message also contained a button inviting the user to update the device to the latest version; clicking it took the victim to a perfectly cloned site, where the user would download a desktop update containing malware.
Once the update process had started, the malware would ask the victim to enter the recovery phrase. Once entered, the phrase would be sent to the criminals, who could then drain the victim’s funds.
Ledger did not stand by and immediately acted to warn users of the incident and of the ongoing attack.
As many as 42 websites that could mislead users were thus taken down, while the police opened a legal procedure in order to trace the criminals.