Scam Emails Target Ledger Users with Fake 'Ledger Clear Signing' Feature

Ledger Phishing Phishing scams

The emails include a malicious link that directs users to a fraudulent website. Last updated:

October 15, 2024 09:52 EDT

Author

Ruholamin Haqshanas

Author

Ruholamin Haqshanas

About Author

Ruholamin Haqshanas is a contributing crypto writer for CryptoNews. He is a crypto and finance journalist with over four years of experience. Ruholamin has been featured in several high-profile crypto…

Author Profile

Share

Copied

Last updated:

October 15, 2024 09:52 EDT

Why Trust Cryptonews With over a decade of crypto coverage, Cryptonews delivers authoritative insights you can rely on. Our veteran team of journalists and analysts combines in-depth market knowledge with hands-on testing of blockchain technologies. We maintain strict editorial standards, ensuring factual accuracy and impartial reporting on both established cryptocurrencies and emerging projects. Our longstanding presence in the industry and commitment to quality journalism make Cryptonews a trusted source in the dynamic world of digital assets. Read more about Cryptonews A new wave of phishing emails is targeting Ledger hardware wallet users in an attempt to steal their cryptocurrency.

The fraudulent messages aim to deceive users into activating a fake security feature called “Ledger Clear Signing,” which scammers claim is necessary for continued use of Ledger devices.

The phishing campaign, with a deadline set for October 31, warns users that failing to activate this feature will prevent them from using their devices securely.

Phishing Emails Direct Users to Malicious Website

The emails, which are not sent from official Ledger addresses, include a malicious link that directs users to a fraudulent website.

“To continue using your Ledger device securely, activating Clear Signing is mandatory starting November 1, 2024. This feature is essential in protecting your assets from phishing attacks and fraudulent activities that are becoming more sophisticated,” the phishing message reads.

Phishing scams are designed to trick victims into revealing sensitive information, such as private keys or passwords, which can give scammers access to their cryptocurrency wallets.

In this case, the goal is to mislead users into clicking on a link and providing access to their Ledger wallet, allowing the attackers to drain their crypto holdings.

Thomas Roccia, a senior threat researcher at Microsoft, described the current email campaign as a “very clean Ledger scam.”

Roccia pointed out that the scam link redirects users to a URL that has no affiliation with Ledger, further emphasizing the importance of avoiding suspicious links.

Very clean Ledger scam! 🧐 cc: @LedgerCybersec @cryptoShields pic.twitter.com/I1h5PX8dfC

— Thomas Roccia 🤘 (@fr0gger_) October 15, 2024

Phishing attacks in the crypto space are becoming more frequent and costly.

In May 2024, a high-profile phishing scam resulted in a trader losing $71 million worth of cryptocurrency.

Such incidents highlight the growing sophistication of phishing tactics and the substantial financial losses that can occur.

Crypto Users Lose $46M to Phishing Scams in September

Phishing attacks remain a major issue for crypto users, resulting in substantial losses.

In September alone, more than 10,000 individuals lost over $46 million to such scams, as reported by Scam Sniffer, a Web3 anti-scam platform.

The platform revealed that 10,805 victims suffered losses amounting to $46.7 million from various crypto phishing scams last month.

Just recently, it was revealed that cybersecurity scammers are using automated email replies to compromise s and deliver stealthy crypto mining malware.

This comes on the heels of another malware threat identified in August.

The “Cthulhu Stealer,” which affects MacOS s, similarly disguises itself as legitimate software and targets personal information, including MetaMask passwords, IP addresses, and cold wallet private keys.

In another instance, a fraudulent crypto wallet app on Google Play has stolen $70,000 from users in a sophisticated scam that has been described as a world-first for targeting mobile users exclusively.

The malicious app, named WalletConnect, mimicked the reputable WalletConnect protocol but was, in fact, a sophisticated scheme to drain crypto wallets.

Follow us on Google News