Man loses $258,000 in Bitcoin after falling into phishing

Ledger had the data leaked in October this year and since then several people have reported similar cases on Reddit and Twitter.

Magic Internet Money podcast presenter Brad Mills shared an incident in which a man lost $50,000 (approximately $258,000) after falling in a Ledger phishing scam. The amount would be the saving of a victim’s life.

In August the Ledger company had leaked customer data and most users of the famous hardware wallets had their emails exposed. According to several screenshots in cryptomaniac communities, the scammers who had access to the mailing list started sending phishing to the victims in an attempt to steal the bitcoins.

Although the subject has been widely publicized, the possibility of someone opening one of these emails is becoming almost inevitable. A victim ended up falling for the scam and lost $50,000 after downloading a fake software.

Hey @Ledger you need to keep sending phishing warnings to all of your customers!

People are losing their savings because of the hack!

Get in front of it, continually send out purposeful emails to your customers *just* about the hack!

A common tactic that scammers use is to send an alert email informing that the user needs to update the device in order to, amazingly, not be a victim of scams.

The message even cites data leakage and that the user’s coins are at risk.

„If you received this email it is because you have been affected by the security hole, please download the most updated version from the link below“.

If the user clicks on the link and installs the software he ends up configuring a new PIN of the wallet and sends the cryptomoedas to the scammers.

Ledger had the data leaked in October this year and since then several people have reported similar cases on Reddit and Twitter.

The company says users should not download updates from a site that is not the official site. Ledger also said that the initial phrase of recovery should never be inserted in any site, as Ledger never requests such information from users.

The company has committed to taking proactive measures to prevent the scams from continuing to happen.

„Ledger users are continually targeted for phishing attacks on social media, search engines and via email. Scammers are able to mimic the Ledger site, content or applications perfectly to attract users to enter their 24-word recovery phrase. Please be very cautious. If you are asked to provide your recovery phrase OR send assets, it is a scam“. Says the company on its website.

The company also cites the following security measures:

Reminder: Anyone with access to your 24-word recovery phrase can take your assets.
Never insert your 24-word recovery phrase anywhere other than your Ledger device.
Ledger will never ask for your 24-word recovery phrase.
Use only official Ledger contact.