Hackers attacked users of Ledger cryptocurrency wallet

Ledger, a manufacturer of hardware wallets for cryptocurrencies, was the target of two different attacks aimed at obtaining user passphrases. The attacks included both phishing methods and physical mailing of fake letters.

The first scheme involved sending out paper letters with the Ledger logo that contained a «security verification» request. The emails instructed users to scan a QR code and enter a wallet recovery phrase, threatening to lose access to funds in case of non-compliance. It is likely that the attackers used email addresses from a previous leak of the company’s database.

The second incident occurred on May 10, when hackers gained unauthorized access to the moderator account of Ledger’s official Discord server. The attackers distributed phishing links to a fake website and blocked users who tried to warn others about the danger.

Ledger has officially confirmed the fraudulent nature of both requests and reminded users that the company never asks for customer passphrases or initiates communication first. After the attack on Discord was detected, the administration regained control of the server, removed spambots, restricted the rights of the hacked account, and strengthened security measures.