A Ledger user and customer warns about a fake hardware device that arrived at his home via mail and that, at first glance, appears “authentic.”
The victims of the security hack that suffered Ledger in July last year and, which exposed the personal data of more than 1 million users, continue to be the target of scammers who want to steal their cryptocurrencies, At whatever price.
In the last few hours, a Ledger client and user revealed that he had received a replacement hardware device at his home that the company supposedly sent to compensate for the damage caused since the security leak. The user warns that the device appears “authentic” at first glance, comes sealed and includes a letter supposedly signed by Pascal gauthier, CEO of the company.
Of course, the device is completely fake and corresponds to a new strategy planned by scammers who want to steal cryptocurrencies from unsuspecting or unsuspecting users at all costs.
Ledger is the largest manufacturer of hardware wallets for cryptocurrencies in the world, which is why it has millions of users in the world.
It may interest you: Ledger reports on a hack that leaked customer information over the past two months
The small big details of the new scam
As the user who received the replacement device explains, at first glance everything seems “normal”, but Spelling errors in Gauthier's alleged upload y a “new structure” in the Ledger Nano to start to suspect, in addition to the fact that at no time did he make any requests for a replacement device to the company.
On Reddit, “Jirand" wrote that he received a package from Ledger even though he had not requested one. The user said that she is one of the victims of last year's Ledger hack but does not actually own cryptocurrency, as he bought a Ledger device to give as a gift. However, Jirand wrote online to confirm or deny the matter, although he was already quite sure that it was a scam.
Jirand published photos of the package received and its contents. The inside of the box made of plastic shows that it has been tampered with in addition to a misspelled letter, he claimed, so he decided to open the hardware wallet to reveal its structure.
Reddit users were quick to express their astonishment at the “next-level scam” that is brewing, acknowledging that scammers are putting a lot of effort into trying to trick cryptocurrency users.
Tampered Device vs Real Device
Mike Grover, security researcher, said that the hardware wallet had been manipulated by comparing the photo posted by Jirand with a photo of the actual structure of a Ledger Nano USB,” as BleepingComputer reported.
Grover explained that, judging by the work done on the fake device, scammers are looking to steal the recovery phrase or seed phrase of victims to control and steal their cryptocurrencies.
In his post, Jirand noted that the package came with setup instructions that ask users to run a fake Ledger Live companion app and enter their wallet seed phrase to import the wallet to the new device.
Ledger warns about new scam
Ledger, who is aware of the new scam attempt, warned to users that Ledger Nano X devices do not, under any circumstances, contain any applications to download and install on a computer.
The company reminded its customers that the Ledger Live application can only be downloaded from the official Ledger website, and not from web advertisements or third-party pages, much less from applications integrated into the supposed devices.
“A Ledger Nano is not a USB device. It does not contain any application to download and install on your computer. The only way to download the Ledger Live app is by using the official download page.”
Finally, the company warned that neither Ledger nor the Ledger Live app will ask users to share the 24-word recovery phrase for their wallets at any time and under any circumstances.
Since the security vulnerability that the company suffered a year ago, thousands of users have been harassed by scammers who want to steal their cryptocurrencies. Due to the situation, users should be suspicious of software updates, text messages, emails, calls and any form of contact from sites or people claiming to be or belong to Ledger, to avoid falling victim to scams and protect their assets. digital.
Continue reading: Ledger team warns of possible phishing attack in progress
