Criminals began sending fake hardware wallets to Ledger customers in an attempt to steal cryptocurrency from their Bitcoin wallets. According to a new report from BleepingComputer, a Reddit user named "jjrand" recently posted an article on the site explaining how he received a Ledger Nano X hardware wallet in the mail. The shrink wrap packaging had the company logo on it to make it more legit and contained an installation manual. However, the package received by jjrand, for which they did not place an order with the company, also contained a letter from Ledger CEO Pascal Gauthier explaining that the replacement device had been shipped as a result of 'a data breach that led the customer to information which is exposed on a popular hacking forum, which says: "Because of this, for security reasons, we sent you a new device, you need to upgrade to a new device to stay safe. There is a manual inside your new box that you can read to learn. How to set up your new device. For this reason, we have changed the structure of our devices. Now we guarantee that this type of violation will not happen again. "
Phishing campaigns
After suffering a data breach in July of last year, Ledger customers have been targeted by various phishing campaigns launched by cybercriminals and criminals. For example, in December 2020, the company's customers were targeted with a phishing campaign that used fake data breach notification emails to try to convince Ledger users to download the Ledger Live app. While the mobile version of the app in the links included in these emails was real, the desktop version was not, and if a user installed it, the app required them to enter both their recovery phrase and password to access your wallet and steal your crypto. These ongoing phishing campaigns have become so common that Ledger has created a list on its website to track them all. In a statement to TechRadar Pro, the company's chief information security officer, Matt Johnson, provided further details on the latest scam, saying: "We are aware of this scam, which we have included in our list of ongoing malicious attacks that are listed on our website. You should be careful about receiving a free product in the mail that you did not request and check the official Ledger channels or contact the Ledger support team. Ledger and Ledger Live will never ask you to share your 24 word recovery phrase. Finally, Ledger communicates securely via Ledger Live, never by mail or phone. We would never send anything to your address without your consent. Ledger customers should remain vigilant to avoid falling victim to this latest scam, as well as others designed to steal their cryptocurrency. by Vice