Ledger users targeted by malicious ‘clear signing’ phishing email
A new wave of scam emails is targeting Ledger users and attempting to steal their crypto holdings.
The scam emails aim to convince users to activate a security feature called “Ledger Clear Signing” by Oct. 31, so they can continue using their Ledger device.
The emails — sent from addresses not associated with Ledger — direct users to a malicious link to activate the fake security feature. The phishing email says:
“To continue using your Ledger device securely, activating Clear Signing is mandatory starting November 1, 2024. This feature is essential in protecting your assets from phishing attacks and fraudulent activities that are becoming more sophisticated.”
Scam email impersonating Ledger. Source: Cointelegraph
Phishing scams deceive users into willingly sharing their account details with scammers. Crypto users should avoid clicking on suspicious links or providing any personal information to unknown sources.
Related: UK, Colombia crypto exchanges linked in TD Bank record fine
Cointelegraph asked Ledger to comment but had not received any by the time of publication.
Phishing attacks are becoming increasingly common in the crypto space. In May, a trader lost $71 million worth of crypto in the year’s most high-profile phishing attack. The attacker tricked the trader into sending 99% of their funds to the attacker’s address.
Scammers continue vying for Ledger users
Ledger’s hardware wallets are among the most popular in the industry, making its users prime targets for scammers.
According to Thomas Roccia, senior threat researcher at Microsoft, the current wave of emails is a “very clean Ledger scam.” In a follow-up post, Roccia noted that the scam link redirects users to a URL that is completely unrelated to Ledger.
Scam email impersonating Ledger, urlscan.io. Source: Thomas Roccia
Phishing attacks are a growing concern in crypto
Despite their unsophisticated nature, phishing attacks are a growing concern in crypto.
Phishing attacks stole about $46 million in September from some 10,800 victims, according to the onchain security firm Scam Sniffer. The biggest loss was reported on Sept. 28, when a phishing attack using a permit phishing signature drained 12,083 spWETH worth $32.4 million.
Related: SUI price rally sparks $400M insider selling allegations
In August, crypto phishing attacks surged by over 215%, with $66 million worth of digital assets stolen from around 9,145 victims.
Most of the stolen value in August was attributed to a single large-scale phishing attack worth $55 million.
On Aug. 20, a crypto holder signed a transaction that changed the ownership of 55.5 million Dai ( DAI ) in the decentralized finance protocol Maker.
$3 billion stolen in hacks — Why are crypto crimes surging? Source: YouTube
Magazine: 10 crypto theories that missed as badly as ‘Peter Todd is Satoshi’
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Bitcoin Surpasses $76,000 After US Elections: What's Next for Altcoins?
Bitcoin Policy Institute: U.S. Should Build Strategic Bitcoin Reserve
A new report from the Bitcoin Policy Institute suggests that the U.S. should consider building a Strategic Bitcoin Reserve (SBR).
Polymarket Whales Score Big on Trump Bets
Some crypto investors, known as "whales," have made a fortune by betting on former President Donald Trump’s chances in the 2024 U.S. election
Post-Election Strategy, Why ‘Selling the Truth’ Could Drive BTC and Gold