Fake Device | Scammers Use Fake Devices For Cryptocurrency Wallets: Attempts to steal cryptocurrency wallets from Ledger customers were reporting. Scammers are shipping fake hardware to potential victims, along with a letter claiming the potential victim’s existing device is not secure.
Fake Device | Scammers Use Fake Devices For Cryptocurrency Wallets
Ledger offers two products, the Nano S and the Nano X, that can store the digital keys required to protect coin wallets. In addition to supporting various coins and being compatible with multiple apps, the devices are intended to provide a safe way to manage cryptocurrency without sacrificing too much convenience. According to the company’s website, the company has sold 1.5 million products to customers in 165 countries.
In July 2020 too, the company experienced a data violation. In December 2020, it said that the database market is known as Raidforen “share about 1 million email addresses” and “9,532 detail personal details (postal addresses, name, surname, and telephone number) which specifically identify.” Since then, this information produces used in such a phishing camp.
Nano X Modify & dispatch
According to Bleeping Computer, this particular campaign involved a modified Nano X shipped in the original packaging and shrink-wrapped to make it appear as though it was an official delivery. According to the publication, it dispatches with a letter purporting to be from Ledger CEO Pascal Gauthier. As a result of the RaidForums leak, the letter claimed, the intended victim’s information had compromised, and as a result, they require to switch to the new device.
However, this particular victim decided to take a closer look at the modified Nano X, and they discovered Nano X. It contained a flash drive that was not present on the original hardware. On that drive, malware designed to compromise the Ledger recovery phrase—and, consequently, the private key used to protect the wallet. It would most likely be install, allowing the scammers to steal the victim’s cryptocurrency.
Phishing Campaigns Tracking
A section of Ledger’s website dedicated to tracking phishing campaigns noted the company’s recognition of these efforts. “A scam is perpetrate here. Unlike other USB devices, the Ledger Nano is not power by a computer’s USB port. It just enables users to connect or installed on your computer because it is a web-based application. Using the Ledger Live app’s official download page is the only way to obtain the app “It went on to say, And don’t worry: you’ll never ask to share your 24-word recovery phrase with Ledger or Ledger Live.
In addition, the company provides a guide for verifying the integrity of Ledger Nano X-branded devices. There are pictures of the device’s printed circuit board (PCB), its root of trust, and other information in the guide to verify that the device has not to compromise. (It doesn’t appear to provide a similar guide for the Nano S, unfortunately.) That guide will likely be worth following for every Nano X, even if legitimately ordered the Nano X.