A sophisticated new attack on hardware wallet Ledger
Exactly one year ago this July 2020, Bitcoin (BTC) storage hardware wallet provider Ledger was victim to a hacking attack. As a result of this attack, the data of as many as one million users using the Ledger wallet was exposed. This data included email addresses, phones, and names. In the case of 200,000 people, the data also included home addresses. It seems that criminals are not slowing down! Currently, victims of the previous attack are being sent fake electronic devices, namely hardware wallets used to store Bitcoin, which are designed to take over the funds held by the victim. Be careful!
July 2020 data leak
The previous attack carried out by criminals was not as sophisticated. As we mentioned in the previous paragraph, sensitive data of users using Ledger wallet was “leaked” to the world. These users then received phishing emails in which the hackers tried to phish for keywords used to retrieve private keys. Obviously, this was aimed at stealing Bitcoins held by the attacked person.
June 2021 – A sophisticated attack on Bitcoin (BTC) holders
While the previous attack by strategy resembled a classic attempt to phish for sensitive data, the attack that is currently being carried out on Bitcoin (BTC) holders is much more sophisticated. In the previous paragraph, we mentioned that following a data leak in July 2020, the home addresses of some Ledger users were exposed. To these addresses, the criminals send allegedly genuine wallets to which, they claim, you should immediately transfer your funds in order to keep them safe.
So how do you tell the difference between a genuine hardware wallet and a fake?
On the surface, the fake is obviously packaged in identical packaging to the original. The kit includes a letter written by Ledger CEO Pascal Gauthier, a user manual, and the Ledger Nano X device itself.
Despite the supposed completeness of the kit, however, there are some signs that point to this being just another scam attempt. First, the letter written by the CEO, Pascal Gauthier, has spelling and grammatical errors. Secondly, when you open the device, you can see that the build quality differs significantly from the original. It seems that inside the “hardware wallet” there is an ordinary… flash drive. Only that it is removed from the casing and inserted into the Ledger Nano X wallet.
When you plug the device into your computer, it requires you to enter 24 keywords(private key) into the Ledger Live app. Essentially, this is the biggest red flag that can alert a user that someone is trying to steal their funds. Ledger has issued a statement warning users to never enter keywords. It also stipulates that Ledger’s original products never ask for keywords.