Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Ledger. Show all posts
Ledger
Crypto Wallet Crypto Wallet Theft cryptocurrency Cryptocurrency threats Cyber Phishing Cyber Security Ledger

Trezor and Ledger Impersonated in Physical QR Code Phishing Scam Targeting Crypto Wallet Users

 

Nowadays criminals push fake crypto warnings through paper mail, copying real product packaging from firms like Trezor and Ledger. These printed notes arrive at homes without digital traces, making them feel more trustworthy than email scams. Instead of online messages, fraudsters now use stamps and envelopes to mimic official communication. Because it comes in an envelope, people may believe the request is genuine. Through these letters, attackers aim to steal secret backup codes used to restore wallets. Physical delivery gives the illusion of authenticity, even though the goal remains theft. The method shifts away from screens but keeps the same deceitful intent. 

Pretending to come from company security units, these fake messages tell recipients they need to finish an urgent "Verification Step" or risk being locked out of their wallets. A countdown appears on screen, pushing people to act fast - slowing down feels risky when time runs short. Opening the link means scanning a barcode first, then moving through steps laid out by the site. Pressure builds because delays supposedly lead to immediate consequences. Following directions seems logical under such conditions, especially if trust in the sender feels justified. 

A single message pretending to come from Trezor told users about an upcoming Authentication Check required before February 15, 2026, otherwise access to Trezor Suite could be interrupted. In much the same way, another forged notice aimed at Ledger customers claimed a Transaction Check would turn mandatory, with reduced features expected after October 15, 2025, unless acted upon. Each of these deceptive messages leads people to fake sites designed to look nearly identical to real setup portals. BleepingComputer’s coverage shows the QR codes redirect to websites mimicking real company systems. 

Instead of clear guidance, these fake sites display alerts - claiming accounts may be limited, transactions could fail, or upgrades might stall without immediate action. One warning follows another, each more urgent than the last, pulling users deeper into the trap. Gradually, they reach a point where entering their crypto wallet recovery words seems like the only option left. Fake websites prompt people to type in their 12-, 20-, or 24-word recovery codes, claiming it's needed to confirm device control and turn on protection. 

Though entered privately, those words get sent straight to servers run by criminals. Because these attackers now hold the key, they rebuild the digital wallet elsewhere without delay. Money vanishes quickly after replication occurs. Fewer scammers send fake crypto offers by post, even though email tricks happen daily. Still, real-world fraud attempts using paper mail have appeared before. 

At times, crooks shipped altered hardware wallets meant to steal recovery words at first use. This latest effort shows hackers still test physical channels, especially if past leaks handed them home addresses. Even after past leaks at both Trezor and Ledger revealed user emails, there's no proof those events triggered this specific attack. However the hackers found their targets, one truth holds - your recovery phrase stays private, always. 

Though prior lapses raised alarms, they didn’t require sharing keys; just like now, safety lives in secrecy. Because access begins where trust ends, never hand over seed words. Even when pressure builds, silence protects better than any tool. Imagine a single line of words holding total power over digital money - this is what a recovery phrase does. Ownership shifts completely when someone else learns your seed phrase; control follows instantly. Companies making secure crypto devices do not ask customers to type these codes online or send them through messages. 

Scanning it, emailing it, even mailing it physically - none of this ever happens if the provider is real. Trust vanishes fast when any official brand demands such sharing. Never type a recovery phrase anywhere except the hardware wallet during setup. When messages arrive with urgent requests, skip the QR scans entirely. Official sites hold the real answers - check there first. A single mistake could expose everything. Trust only what you confirm yourself.  

A shift in cyber threats emerges as fake letters appear alongside rising crypto use. Not just online messages now - paper mail becomes a tool for stealing digital assets. The method adapts, reaching inboxes on paper before screens. Physical envelopes carry hidden risks once limited to spam folders. Fraud finds new paths when trust in printed words remains high.
Read more »
snail mail
cryptocurrency Cyber Fraud forged letterheads Hardware Wallets Ledger phishing snail mail

Fraudsters Use Postal Mail to Target Crypto Hardware Wallet Owners



Cybercriminals are using traditional mail services to target cryptocurrency users who own hardware wallets manufactured by Trezor and Ledger. The attackers are distributing printed letters that falsely present themselves as official security notifications and attempt to trick recipients into revealing their wallet recovery phrases.

The letters instruct users to complete a compulsory “Authentication Check” or “Transaction Check,” claiming this step will soon become mandatory. Recipients are warned that failure to comply before stated deadlines could result in disrupted wallet functionality. One Trezor-themed letter sets February 15, 2026 as the cutoff date, while a Ledger-branded version references October 15, 2025.

The correspondence appears professionally formatted and claims to originate from internal security or compliance departments. In a case shared publicly by cybersecurity researcher Dmitry Smilyanets, a Trezor-related letter stated that authentication would soon be enforced across devices and urged users to scan a QR code to prevent interruption of Trezor Suite access. The letter further asserted that even if users had already enabled authentication on their device, they must repeat the process to ensure full activation and synchronization of the feature.

The QR codes direct recipients to fraudulent domains including trezor.authentication-check[.]io and ledger.setuptransactioncheck[.]com. At the time of reporting, the Ledger-linked domain was inactive, while the Trezor-related site remained accessible but displayed a phishing warning from Cloudflare.

The Trezor-themed phishing page states that users must complete authentication by February 15, 2026 unless they purchased specific models, including Trezor Safe 7, Safe 5, Safe 3, or Safe 1, after November 30, 2025, in which case the feature is allegedly preconfigured. After selecting “Get Started,” users are warned that ignoring the process could lead to blocked access, transaction signing errors, and complications with future updates.

Those who continue are prompted to enter their wallet recovery phrase. The form accepts 12-, 20-, or 24-word phrases and claims the information is necessary to confirm device ownership. Technical analysis shows that submitted phrases are transmitted through a backend endpoint located at /black/api/send.php on the phishing domain.

With access to the recovery phrase, attackers can restore the wallet on another device and transfer funds.

The method used to identify recipients remains unclear. However, both manufacturers have experienced past data breaches that exposed customer contact information, potentially increasing targeting risks.

Although email-based crypto phishing is common, physical mail scams remain relatively uncommon. In 2021, attackers mailed tampered Ledger devices designed to capture recovery phrases during setup. A similar postal campaign targeting Ledger users was reported again in April.

A recovery phrase, also called a seed phrase, represents the private cryptographic key controlling a cryptocurrency wallet. Anyone who obtains it gains complete control over the associated funds.

Legitimate hardware wallet providers do not request recovery phrases through mail, QR codes, websites, or email. The phrase should only be entered directly on the hardware device during a genuine restoration process.



Read more »
Ledger
Customer Data customer data leak customer data privacy Data Breach Data Exposure data security leaked sensitive data Ledger

Ledger Customer Data Exposed After Global-e Payment Processor Cloud Incident

 

A fresh leak of customer details emerged, linked not to Ledger’s systems but to Global-e - an outside firm handling payments for Ledger.com. News broke when affected users received an alert email from Global-e. That message later appeared online, posted by ZachXBT, a known blockchain tracker using a fake name, via the platform X. 

Unexpectedly, a breach exposed some customer records belonging to Ledger, hosted within Global-e’s online storage system. Personal details, including names and email addresses made up the compromised data, one report confirmed. What remains unclear is the number of people impacted by this event. At no point has Global-e shared specifics about when the intrusion took place.  

Unexpected behavior triggered alerts at Global-e, prompting immediate steps to secure systems while probes began. Investigation followed swiftly after safeguards were applied, verifying unauthorized entry had occurred. Outside experts joined later to examine how the breach unfolded and assess potential data exposure. Findings showed certain personal details - names among them - were viewed without permission. Contact records also appeared in the set of compromised material. What emerged from analysis pointed clearly to limited but sensitive information being reached. 

Following an event involving customer data, Ledger confirmed details in a statement provided to CoinDesk. The issue originated not in Ledger's infrastructure but inside Global-e’s operational environment. Because Global-e functions as the Merchant of Record for certain transactions, it holds responsibility for managing related personal data. That role explains why Global-e sent alerts directly to impacted individuals. Information exposed includes records tied to purchases made on Ledger.com when buyers used Global-e’s payment handling system. 

While limited to specific order-related fields, access was unauthorized and stemmed from weaknesses at Global-e. Though separate entities, their integration during checkout links them in how transactional information flows. Customers involved completed orders between defined dates under these service conditions. Security updates followed after discovery, coordinated across both organizations. Notification timing depended on forensic review completion by third-party experts. Each step aimed at clarity without premature disclosure before full analysis. 

Still, the firm pointed out its own infrastructure - platform, hardware, software - was untouched by the incident. Security around those systems remains intact, according to their statement. What's more, since users keep control of their wallets directly, third parties like Global-e cannot reach seed phrases or asset details. Access to such private keys never existed for external entities. Payment records, meanwhile, stayed outside the scope of what appeared in the leak. 

Few details emerged at first, yet Ledger confirmed working alongside Global-e to deliver clear information to those involved. That setup used by several retailers turned out to be vulnerable, pointing beyond a single company. Updates began flowing after detection, though the impact spread wider than expected across shared infrastructure. 

Coming to light now, this revelation follows earlier security problems connected to Ledger. Back in 2020, a flaw at Shopify - the online store platform they used - led to a leak affecting 270,000 customers’ details. Then, in 2023, another event hit, causing financial damage close to half a million dollars and touching multiple DeFi platforms. Though different in both scale and source, the newest issue highlights how reliance on outside vendors can still pose serious threats when handling purchases and private user information.  

Still, Ledger’s online platforms showed no signs of a live breach on their end, yet warnings about vigilance persist. Though nothing points to internal failures, alerts remind customers to stay alert regardless. Even now, with silence across official posts, guidance leans toward caution just the same.
Read more »
Scammer
AWS Crypto Phishing cryptocurrency cryptocurrency theft Cyber Attacks Fake Emails Ledger Phishing scam Scammer

Ledger Phishing Scam Targets Cryptocurrency Wallets

 


A sophisticated phishing email campaign has emerged, targeting cryptocurrency users by impersonating Ledger, a prominent hardware wallet provider. These fraudulent emails claim that the recipient’s Ledger wallet seed phrase — also known as a recovery or mnemonic seed — has been compromised. In an attempt to secure their funds, users are directed to a so-called “secure verification tool” where they are asked to confirm their seed phrase. The phishing emails appear convincing, offering a “Verify my recovery phrase” button. Clicking this button redirects victims through an Amazon Web Services (AWS) website to a fake domain, “ledger-recovery[.]info.”

Once users enter their seed phrase on this page, the attackers capture the information, granting them full access to the victims’ cryptocurrency wallets. A recovery phrase, typically consisting of 12 or 24 random words, acts as the key to accessing a wallet’s funds. The importance of keeping this phrase private and offline cannot be overstated. By stealing these phrases, the attackers gain control of the wallets and can siphon all funds, leaving victims with no recourse.

To increase the scam’s credibility, the phishing site includes several deceptive features. For example, it accepts only valid seed phrase words from a predetermined list of 2,048 options. Regardless of the entered data, the site falsely informs users that their phrase is incorrect, encouraging them to re-enter their information multiple times and ensuring the attackers receive accurate details.

The Evolving Nature of Phishing Scams

This phishing attempt highlights the evolving sophistication of such scams. In the past, phishing emails were often marred by poor grammar or clumsy wording, making them easier to spot. However, with advancements in generative artificial intelligence, scammers can now produce polished and professional-looking messages. In this instance, one of the few red flags was the use of the SendGrid email marketing platform and the redirection through an AWS website, which sharp-eyed recipients might notice.

While it remains unclear how many individuals fell victim to this scheme, any user who shared their seed phrase likely lost their funds permanently. This incident underscores the importance of exercising caution and maintaining strict security protocols when handling sensitive information like recovery phrases.

How to Protect Your Cryptocurrency Wallet

Cryptocurrency users are advised to verify communications directly through official sources and avoid clicking on links in unsolicited emails. Recovery phrases should never be shared online, as doing so compromises the entire wallet’s security. With scams becoming increasingly sophisticated, vigilance and education are crucial in safeguarding digital assets.

Read more »
Ledger
Cyber Crime cyber theft CyberCrime Cybersecurity Cyverattacks Data exposed Ledger

Data Insights Exposes Ledger's Granular Tracking: Is Privacy at Stake?

 


An investigation by Rekt Builder has raised concerns about the extent of data collection by Ledger Live, the official software for managing Ledger hardware wallets. The developer claims that Ledger Live tracks every move users make, including the apps they install and the crypto they hold. A ledger in accounting can be described as a book of accounts. It is the second book of entry for all accounting transactions. 

A company records their classified financial information in a ledger. Transactions are recorded in the ledger in different accounts as debits and credits. The ledger is intended to provide a clear history of a business's financial health by providing an accurate account of all its transactions, both present and past. 

A ledger contains all the financial activities of a company in an orderly manner. When preparing financial statements, various active account records such as assets, liabilities, equity, income and expenses are provided as a record of the transactions or events that have occurred during a certain period. 

The ledger contains all of the accounts required to compile financial statements and is also necessary for audit purposes. The entire list of accounts is also called the chart of accounts. 

Taking to X on December 27, Rekt Builder claims that Ledger Live embeds the genuine check into the app’s listing procedure. As such, it means that whenever you plug in your Ledger device and open Ledger Live, the software checks whether the device is genuine and sends this information to Ledger’s servers. This data includes the device’s serial number, firmware version, and the list of apps installed. 

Rekt Builder also notes that Ledger Live tracks the crypto balances stored on the device. However, what’s concerning is that all this data is sent to Ledger’s servers. Accordingly, it means Ledger can access a detailed record of its clients’ crypto holdings.  

To determine whether Ledger was trailing user activity, the developer attempted to turn off the remote tracking feature in Ledger Live, but this was impossible. Any attempt to disable tracking resulted in the software breaking. This suggests that Ledger has intentionally designed Ledger Live to track user activity. Rekt Builder’s findings raise serious concerns about the privacy of Ledger hardware wallet users. 

If Ledger is tracking each move users make, then it is possible that this data could be used to identify users and track their crypto transactions. This can be dangerous because a hack into any of Ledger’s centralized servers can mean malicious agents can control critical data, which can then be used to target individuals with large holdings of Bitcoin and other coins.  


Rekt Builder also notes that Ledger Live tracks the crypto balances stored on the device. However, what’s concerning is that all this data is sent to Ledger’s servers. Accordingly, it means Ledger can access a detailed record of its clients’ crypto holdings.  

The Purpose Of A Ledger Account Business owners can focus their efforts on recording all business transactions. Such records facilitate easy tracking of income and expenses and keep client/customer accounts and records accurately maintained. These records can either be written or can be in an electronic format, i.e., accounting software.

One-off costs can have a significant impact on the projected budget for an upcoming year, which is why it is important to remove them from a budget before the correct figures are calculated. The most reasonable way to get an accurate picture of the budget is by reviewing the ledger in detail. Users can check what expenses were done and what income came through as a one-time thing. These can be overlooked at the budget preparation stage so they do not affect the upcoming budget. 

Current income and expenditure can be used to gain more precise figures. There has been a crucial debate in the cryptocurrency community regarding the delicate balance between convenience and data security as users grapple with the potential privacy risks that may be brought to light by Rekt Builder's investigation into Ledger Live. Considering all of these revelations, one must reevaluate user protections as well as transparency measures in this ever-evolving world of digital asset management.
Read more »
User Privacy
Crypto Currency Data Breach Ledger Scammers User Data User Data Leak User Privacy

Fraudsters are Mailing Modified Ledger Devices to Steal Cryptocurrency

 

Scammers are mailing fraudulent replacement devices to Ledger customers who were recently exposed in a data breach, which are being used to steal cryptocurrency wallets. 

With increased cryptocurrency values and the use of hardware wallets to secure crypto funds, Ledger has become a frequent target for scammers. After receiving what appears to be a Ledger Nano X device in the mail, a Ledger user published a devious fraud on Reddit. The gadget arrived in authentic-looking packaging with a sloppy letter claiming that it was sent to replace their existing device as their customer information had been leaked online on the RaidForum hacker community. 

"For this reason for security purposes, we have sent you a new device you must switch to a new device to stay safe. There is a manual inside your new box you can read that to learn how to set up your new device," state the fake letter from Ledger. 

"For this reason, we have changed our device structure. We now guarantee that this kinda breach will never happen again." 

Despite the fact that the letter contained numerous grammatical and spelling issues, the information for 272,853 persons who purchased a Ledger device was published on the RaidForums hacking site in December 2020. This provided a slightly convincing reason for the new device's arrival. 

A shrinkwrapped Ledger Nano X box was also included in the package, containing what appeared to be a genuine device. After becoming skeptical of the device, they opened it and posted photos of the printed circuit board on Reddit, which clearly indicated the modification of devices. 

Mike Grover, a security researcher, and offensive USB cable/implant expert informed BleepingComputer that the threat actors added a flash drive and hooked it to the USB port based on the photos. 

Grover told BleepingComputer in a conversation about the photographs, "This appears to be a simple flash drive slapped on to the Ledger with the purpose of being for some form of malware delivery." 

"All of the components are on the other side, so I can't confirm if it is JUST a storage device, but.... judging by the very novice soldering work, it's probably just an off-the-shelf mini flash drive removed from its casing." 

As per the image examining, Grover highlighted the flash drive implant connected to the wires while stating, "Those 4 wires piggyback the same connections for the USB port of the Ledger." 

According to the enclosed instructions, it instructs people to connect the Ledger to their computer, open the drive that appears, and execute the accompanying application. The person then enters their Ledger recovery phrase to import their wallet to the new device, according to the guidelines. 

A recovery phrase is a human-readable seed that is used to produce a wallet's private key. Anyone with this recovery phrase can import a wallet and gain access to the cryptocurrency contained within it. After entering the recovery phrase, it is sent to the attackers, who use it to import the victim's wallet on their own devices to steal the contained cryptocurrency funds. 

This fraud is acknowledged by Ledger and they issued warnings about it in May on their dedicated phishing website. 

Recovery phrases for Ledger devices should never be shared with anybody and should only be input directly on the Ledger device the user is trying to recover. The user should only use the Ledger Live application downloaded straight from Ledger.com if the device does not allow to enter the phrase directly. 

Ledger customers flooded with scams: 

In June 2020, an unauthorized person gained access to Ledger's e-commerce and marketing databases, resulting in a data breach. 

This information was "used to send order confirmations and promotional mailings — largely email addresses, but with a subset that also included contact and order details including first and last name, postal address, email address, and phone number." 

Ledger owners began getting several of the phishing emails directing them to fraudulent Ledger apps that would fool them into inputting their wallet's recovery codes. After the contact information for 270K Ledger owners was disclosed on the RaidForums hacker community in December, these scams became more common. 

The leak resulted in phishing operations posing as new Ledger data breach notifications, SMS phishing texts, and software upgrades on sites imitating Ledger.com.
Read more »
Subscribe to: Comments (Atom)