
Fake Ledger devices mailed out in attempt to steal from cryptocurrency fans

Graham CLULEY

June 17, 2021


In December last year, we reported how the email and mailing addresses of some 270,000 Ledger customers had been published on a hacking forum following a data breach.

At the time we warned users of the hardware cryptocurrency wallet to watch out for phishing scams that might attempt to steal users’ credentials.

What we hadn’t predicted was that cybercriminals would use a rather more elaborate way to steal users’ credentials.

As Bleeping Computer reports, some Ledger customers have received fake replacement Ledger devices via the post, alongside a letter that claims it is a replacement hardware wallet that should be used in the wake of the earlier data breach.

In a Reddit post, a Ledger customer shares photographs of the package he received as well as the contents of the letter which purports to come from Ledger’s CEO:

Dear Ledger client, As you know, Ledger was targeted by a cyberattack that led to a data breach in July 2020. We were informed about the dump of the content of a Ledger customer database on Raidforum. We believe this to be the contents of our e-commerce database from June 2020. At the time of the incident, in July, we engaged an external security organisation to conduct a forensic review of the logs available. This review of the logs enabled us to confirm that approximately 1 million email addresses had been stolen as well as 9,532 more detailed personal information (name, surname, phone number and customer wallet information) that we were able to specifically identify. For this reason for security purposes, we have sent you a new device you must switch to a new device to stay safe. There is a manual inside your new box you can read that to learn how to set up your new device. For this reason, we have changed our device structure. We now guarantee that this kinda breach will never happen again. We deeply apologize for the inconvenience caused to you due to our faulty security systems. Note: This new device doesn’t work for new setups. You need to follow 6 step installation guide which is inside your box. Once you successfully installed you can start to use your new device.

Accompanying the letter was a shrinkwrapped Ledger box, containing a modified device.

Credit: u/jjrand @ Reddit

Of course, it’s easy to take the packaging for a Ledger Nano X, replace its contents with a fake hardware wallet, and then shrinkwrap it again.

Ledger has confirmed that the device purporting to be a Ledger Nano X inside the box is fake: “A flash drive implant has been connected to the printed circuit board. It contains a file with a fake Ledger Live app. There are enclosed instructions in the Nano box which ask the user to connect the device to their computer, open a drive and run the fake Ledger Live app. To initialize the device, the user is asked to enter his 24 words in the fake Ledger Live app. This is a scam. A Ledger Nano is not a USB device. It does not contain any application to download and install on your computer. The only way to download the Ledger Live app is by using the official download page. Plus, Ledger and Ledger Live will never ask you to share your 24-word recovery phrase.”

In short, if you make the mistake of plugging the device into your computer and running the program contained on the device, you are putting the security of your PC in peril and might be one step away from handing over the keys to any cryptocurrency you might have stashed away.

As attempts to break into cryptocurrency wallets go, it’s certainly more of a palaver than the typical phishing attack or optimistic malware-laced email, and must take much more time for the attacker. But then, if you’re vying to break into somebody else’s cryptocurrency fortune that may well be time you believe well spent.

The best advice for owners of hardware wallets would seem to be to remain suspicious of all communications related to their devices – whether they be via email, phone, or parcel.
