Hackers keep sending fake crypto wallets to Ledger leak victims

Crypto hackers continue to wage a sophisticated phishing campaign on Ledger customers affected by last year's data leak.

Would-be hackers are still sending fake devices to crypto users affected by last year’s Ledger data leak, reports Bleeping Computer.

French crypto wallet maker Ledger previously warned customers of an “aggressive phishing campaign” following the leak. It seems those efforts persist.

One recipient recently shared images of a suspect device to Reddit, warning others of the sophisticated scam to phish crypto via the mail.

Fraudsters included a clumsily written letter purportedly signed by Ledger’s chief exec Pascal Gauthier. The note claimed the device was a replacement Ledger in response to the data breach.

“I have got a package from Ledger although I did not order one,” wrote the Redditor. “Inside the package, there is a brand new Ledger X and the letter attached.”

“As a victim of the latest Data Breach I have signed up reddit [sic] only to post this. Maybe someone from the company can confirm or deny it.”

The poster updated the post to say they’d opened the device and could see it had been tampered with.

Last July, Ledger claimed it lost control of sensitive info related to 9,500 of its customers.
Email addresses of over 1 million Ledger users were posted to RaidForums in December.
More detailed data of 272,000 customers (names, mailing addresses, and phone numbers) were also leaked.

Malicious hardware implant in the wild!

I helped @LawrenceAbrams dig into this. It’s a hardware wallet with a malicious implant added. It’s being mailed to targets.

Read about it here: https://t.co/Hu8Vp6Au5o pic.twitter.com/TUGEmo7nwm
— _MG_ (@_MG_) June 16, 2021

If you were affected by the Ledger leak, look out for weird-looking crypto wallet in the mail.

The fake devices were tagged with instructions, which directed the recipient to connect the phoney Ledger to their computers. It would then run pre-loaded software — most likely malware.

Dodgy USBs expert Mark Grover told Bleeping Computer: “This seems to be a simple flash drive strapped on to the Ledger with the purpose to be for some sort of malware delivery.”

Grover highlighted the fraudsters employed “novice soldering” to attach a basic USB storage drive to the Ledger USB port.

Users were also prompted to enter their 24-word recovery phrase to import their old Ledger wallet — this is how the hackers would get their hands on their mark’s crypto.

Ledger keeps a log of phishing scams plaguing affected customers.

Paris-based Ledger first notified the public of the fake device scam in April. A report from March details a similar ploy, in which a prospective user bought a fake Ledger on Amazon.