After all the attempts to take advantage of the Ledger data breach in July 2020, scammers are trying a new strategy that involves providing victims with convincing but fake hardware wallets.
Victims appear to be receiving counterfeit hardware wallets
According to “jjrand”, a Reddit user, he received a Ledger Nano X hardware wallet directly in the mail. He explained in the post on Reddit that the shrink-wrapped package even included the company’s logo to appear more legitimate. It also came with installation instructions. Jjrand stated later that he did not place an order to receive a wallet. The box also contained a dubious letter from Pascal Gauthier, Ledger’s CEO, saying that the replacement device was actually shipped after a data breach that allegedly exposed users.
Ledger warns against fake desktop app
Because of the massive user data breaches in July, Ledger customers were targeted in a series of phishing scams. In December 2020, for example, all the company’s customers were targeted in a large-scale phishing campaign that used fake data breach notifications to trick users into downloading a fake Ledger Live app.
The mobile version of the app in the links was real. However, the desktop version was not. If users installed the desktop version, the “app” would then trick users into entering their recovery phrase as well as their secret passphrase to directly access their wallet and end up stealing their cryptocurrency. The ongoing phishing campaigns have actually become so common that Ledger has created an official list on its website to track all of them.
According to the company, their statement. They are aware of the scam, which is why they have created a list of malicious attacks on their website. Users should remain suspicious if they ever receive free products in the mail that they did not officially order or are contacted by Ledger’s support team.