Cryptocurrencies cannot be operated without cloud servers and the internet. However, a good number of investors want to switch to cold storage wallets, which are dedicated hardware devices. Many brands offer their customers USB-style devices that store digital assets out of reach of malware and hackers.
However, scammers have found a new way to target the users of hardware wallets. Ledger is a well-known name in the sector and has released several versions of hardware wallets for cold storage. Threat actors have started sending altered devices to Ledger users to trick them into giving up their seed phrases or recovery keys.
How Are Scammers Fooling People into Giving Up Their Recovery Keys and Passwords?
In 2020, the customer details and personal data of Ledger users were leaked. The data was offered for sale on an underground website called RaidForums. Since the breach, Ledger's management claims that it has adopted better security software to protect itself from being hacked.
Nevertheless, it seems that the leaked data has found a buyer. Buyers of the Ledger Nano X are receiving a brand new device that looks the same as the model issued by the company. The scammers also enclose a letter and an instruction manual with the device. Victims are told that the company is sending them an upgraded device in light of the previous hacks.
The recipients of the fake device are asked to install the malware that is present on the altered device. They are then directed to enter their seed phrase or recovery key into the form that appears in front of them. As soon as the victim enters the key into the malware, it is sent to the threat actors. Anyone with this information can easily break into a digital wallet and empty its contents.
Ledger has caught wind of this scam and has posted a warning on its social media and blog. The letter that is sent with the new device is also filled with grammar and spelling mistakes. On closer inspection of the device, it can be seen that some alterations have been made to the motherboard. As reported by BleepingComputer, it is best to contact the brand first before taking any steps.