Owners of the most popular cryptocurrency wallet have been subjected to a large-scale phishing attack

The phishing emails contained headers such as «Security Alert: Data Breach May Expose Your Recovery Phrase», and the sender looked official. However, the links in the emails redirected to fraudulent resources that were created to steal data. On these pages, users were asked to enter a seed phrase, which gave the attackers access to their crypto assets. If the user entered an incorrect phrase, the system would generate an error, forcing them to retry until they entered the correct combination.

Ledger emphasized that it never asks for a recovery phrase and reminded users to ignore suspicious emails and not to click on questionable links. Website addresses should be entered manually only, and the recovery phrase should be used only on an official device.

This is not the first time the company has been targeted by cybercriminals. In November 2024, a fake Ledger Live interface was discovered in the Microsoft Store, which resulted in losses of $ 768,000. Also, at the end of 2023, the company faced a compromise of the library for decentralized applications due to a phishing attack on one of its employees. According to Ledger CEO Pascal Gauthier, the problem has already been resolved, but this incident has become an important lesson for the company.