Fake Ledger Keys to Steal Your Bitcoins!

June 18, 2021 Joe Kenehan

The French company Ledger can boast of being today the world leader in the secure holding of digital assets, in particular thanks to Ledger Nano, ultra-secure UBS keys that embed an encryption processor dedicated to the protection of your data. Unfortunately, this popularity comes at a price: that of being the target of crooks.

Let’s go back a few months first if you don’t mind. In December 2020, Ledger was the victim of an unprecedented cyberattack : the contact details of 273,000 customers of the Ledger company unfortunately found themselves in free access on a hacker forum in the Dark Web. This data included the first and last name, postal address and telephone number of Ledger’s customers.

A major scam against Ledger customers

And precisely, crooks have decided to take advantage of this event to develop a major scam. The purpose of the maneuver is simple: pretend to be the Ledger company in order to get the user recovery phrases, a precious key to accessing the digital portfolios of Ledger’s clients.

To do this, the crooks have put the small dishes in the big ones. Indeed, several clients of the French company claim to have received replacement UBS Ledger keys in the mail in recent days. The packaging appears authentic, with the packaging and the official logo of the brand. Things go wrong once you look at the letter in the package, supposedly written by Ledger CEO Pascal Gauthier.

Also read: Secure your Bitcoins with Ledger Wallet Nano S and Nano X

It is written there that Ledger was the victim of a major cyberattack in December 2020 (which is true) and that for this reason a new secure storage device is being sent to the customers affected by this leak. We summarize everything for you, less spelling mistakes (the letter is full of them). Of course, this letter is a vast hoax created from scratch by these crooks.

When opening the package, these customers came across a fake Ledger USB drive, as you can see in the photos below. It is actually a simple USB drive roughly modified to inject malware when connected to a PC. An application window will open, asking users to share their recovery phrase to import their digital wallet to the new device.

As a reminder, this is a 24-word sequence used to access your assets. If you fill it in, the malware will take care of transmitting the recovery phrase to the crooks. They just have to recover all of your cryptocurrencies. Ledger is aware of this scam and has already alerted its customers about it: “ Ledger will never send a replacement Nano if this has not been ad hoc agreed with the customer. If a Ledger customer receives a Nano when they have not requested it, it is advisable to either throw it away or contact us and send it directly to us for analysis ”, Ledger told our colleagues at BFM TV.