Fraudsters Extract Crypto Wallet Details Utilizing Deceptive Ledger Correspondence

Cryptocurrency owners utilizing Ledger hardware wallets face threats from fraudsters who send out bogus mail, demanding verification of wallets to prevent loss of digital assets.


A phishing scheme is currently targeting users of Ledger hardware wallets, with scammers impersonating the company and attempting to steal users' secret recovery phrases. The scheme, which involves both emails and physical letters, is designed to look convincing, using official logos and fake CEO signatures, and often includes urgency tactics such as countdown timers to pressure victims into acting quickly.

The scammers trick users into revealing their recovery phrases or PINs through bogus firmware updates or fake validation requests. Ledger has confirmed that these are 100% phishing attempts and warns users never to share their 24-word recovery phrase: it exists only for device recovery, and entering it online always results in theft of funds.

In some cases, counterfeit hardware wallets bought through sham e-commerce channels have also been compromised in a similar way, with attackers pre-setting recovery phrases to siphon funds as soon as they are deposited.

While there is no direct confirmed link between the Ledger phishing campaigns and the recent Coinbase data breach, scammers often exploit breach scare tactics broadly in the crypto world. The phishing emails claim a "July 15, 2025 data breach" to create fear and urgency, but this appears to be a reuse or fabrication of breach information by scammers rather than an official Ledger or Coinbase disclosure.

The U.S. Department of Justice (DOJ) has initiated an investigation into the Coinbase data breach, which compromised sensitive customer information, including names, addresses, phone numbers, email addresses, partially masked Social Security numbers (last four digits), masked bank account details, and images of government-issued IDs. However, the data breach did not involve the loss of cryptocurrency holdings.

The phishing letters falsely urge cryptocurrency holders to verify their wallets to avoid losing access to funds. One such letter, which was first brought to light by BitGo CEO Mike Belshe, reportedly contained a QR code that may redirect unsuspecting users to a malicious site. An alternative website was listed for completing the process in case the QR code was inaccessible.

Readers are encouraged to conduct their own research and consult with a qualified financial adviser before making any investment decisions. It is also important to remember that Ledger has never asked users for their recovery phrases or PINs, and users should never share this information with anyone.

In the past, Binance and Kraken have successfully thwarted Coinbase-style phishing attacks. The Shib Magazine and The Shib Daily, the official media and publications of the Shiba Inu cryptocurrency project, also remind their readers to be vigilant and cautious when receiving unsolicited emails or letters.

The attackers who carried out the Coinbase data breach aimed to create a list of customers they could impersonate. Earlier this month, Coinbase dismissed multiple customer support agents in India amid allegations of their involvement in a social engineering operation that enabled unauthorized access to user accounts.

Belshe's post about the phishing attempt sparked significant concern within the crypto community, with many users expressing their frustration and urging others to be cautious. As the crypto world continues to grow, it is important for users to stay informed and protect themselves against scams and breaches.

The phishing letters, similar to those currently targeting Ledger users, are being circulated among cryptocurrency holders with the intention of stealing their wallet recovery phrases and PINs.

In the wake of the Coinbase data breach, it is crucial for users to remain cautious, especially when receiving unsolicited emails or letters, as these may contain malicious links or deceitful messages.

As the crypto world becomes more expansive, it is essential to stay updated on general news, crime and justice, and cybersecurity issues, and to implement appropriate technology measures to guard against phishing schemes and potential breaches.
