Updated Oct. 16, 9:56 am, UTC: This article has been updated to include quotes from Ledger’s chief technology officer, Charles Guillemet.

A new wave of scam emails is targeting Ledger users and attempting to steal their crypto holdings.

The scam emails aim to convince users to activate a security feature called “Ledger Clear Signing” by Oct. 31, so they can continue using their Ledger device.

The emails — sent from addresses not associated with Ledger — direct users to a malicious link to activate the fake security feature. The phishing email says:

“To continue using your Ledger device securely, activating Clear Signing is mandatory starting November 1, 2024. This feature is essential in protecting your assets from phishing attacks and fraudulent activities that are becoming more sophisticated.”
Ledger users targeted by malicious ‘clear signing’ phishing email image 0

Scam email impersonating Ledger. Source: Cointelegraph

Phishing scams deceive users into willingly sharing their account details with scammers. Crypto users should avoid clicking on suspicious links or providing any personal information to unknown sources.

Related: UK, Colombia crypto exchanges linked in TD Bank record fine

Crypto investors should be increasingly aware of the proliferation of phishing scams, according to Charles Guillemet, the CTO of Ledger.

He told Cointelegraph:

“To be clear: Ledger will never ask you to share your account details or 24 words. Your actions on your smartphones and laptops are never fully secure, and that’s why Ledger exists. The only way to securely own your digital assets is to clear-sign everything you do through inherently secure devices.”

Phishing attacks are becoming increasingly common in the crypto space. In May, a trader lost $71 million worth of crypto in the year’s most high-profile phishing attack. The attacker tricked the trader into sending 99% of their funds to the attacker’s address.

Scammers continue vying for Ledger users

Ledger’s hardware wallets are among the most popular in the industry, making its users prime targets for scammers.

According to Thomas Roccia, senior threat researcher at Microsoft, the current wave of emails is a “very clean Ledger scam.” In a follow-up post, Roccia noted that the scam link redirects users to a URL that is completely unrelated to Ledger.

Ledger users targeted by malicious ‘clear signing’ phishing email image 1

Scam email impersonating Ledger, urlscan.io. Source: Thomas Roccia

Phishing attacks are a growing concern in crypto

Despite their unsophisticated nature, phishing attacks are a growing concern in crypto.

Phishing attacks stole about $46 million in September from some 10,800 victims, according to the onchain security firm Scam Sniffer. The biggest loss was reported on Sept. 28, when a phishing attack using a permit phishing signature drained 12,083 spWETH worth $32.4 million.

Related: SUI price rally sparks $400M insider selling allegations

In August, crypto phishing attacks surged by over 215%, with $66 million worth of digital assets stolen from around 9,145 victims.

Most of the stolen value in August was attributed to a single large-scale phishing attack worth $55 million.

On Aug. 20, a crypto holder signed a transaction that changed the ownership of 55.5 million Dai ( DAI ) in the decentralized finance protocol Maker.

$3 billion stolen in hacks — Why are crypto crimes surging? Source: YouTube


Magazine: 10 crypto theories that missed as badly as ‘Peter Todd is Satoshi’