Ledger phishing

[NeuroticFish]

I don't know is anybody on the forum still uses Ledger, however, I've got these days an e-mail that it's most probably phishing, since the sender domain and the domain the button sends to are not Ledger's.

[Meuserna]

I assume you received that email because Ledger leaked their customer database, including customer names, home addresses, email addresses, and everything.  That happened at least once:

"Ledger wallet users face mounting home invasion and other scareware threats as hacker dumps private customer information online."

--Cointelegraph

And Ledger themselves have been phished:

"A Ledger employee just got phished. DeFi users lost over $600k"

"Ledger confirmed the attack was the result of a hacker compromising one of its employees via a phishing attack. After gaining access to Ledger’s internal systems, the hacker planted malicious software within the Ledger Connect Kit."

--DLnews

Then, the story changed when Ledger admitted it was a FORMER employee.

How a Single Phishing Link Unleashed Chaos on Crypto:  "Ledger has confirmed the attack began because “a former Ledger employee fell victim to a phishing attack.”

--Decrypt

Why did an ex-employee still have access to the codebase?  Ledger won't say.  How many former Ledger employees still have access to their codebase?  Ledger won't say, not that we could trust any answer they'd give since they've lied so many times.

Here's my point:

Why are you still trusting Ledger?

You should seriously consider switching to a hardware wallet that runs trustworthy code.  Ledger's closed source code can't be trusted.

[Charles-Tim]

Why are you still trusting Ledger?

I am very sure he do not trust the wallet. We do it trust the wallet anymore on this forum. Although, I did not trust the wallet since I joined this forum after I knew what secure element is.

Ledger's closed source code can't be trusted.

No even only close source code but also how they do not care about their customers privacy and also how they make their customers seed phrase to be stored online.

[NeuroticFish]

I assume you received that email because Ledger leaked their customer database

That's correct.

Why are you still trusting Ledger?

You've assumed too much here. I no longer trust them.. especially after their seed recovery stunt.

You should seriously consider switching to a hardware wallet that runs trustworthy code.  Ledger's closed source code can't be trusted.

Wow, thank you. (/s)
PS. One doesn't really need HW nowadays. An usb stick and a seed generated safely can do wonders.


My post was made because some (not me) may still use Ledger (for some unexplainably odd reason) and I don't want them fall for phishing. I thought that this was clear from the first lines I wrote.

[bitbollo]

Emails like this are sent "in bulk" even to users who have never used ledger scams but have simply provided that specific email address when registering for a crypto service.
I'm not saying this for OP's specific case, but I personally have an email address that I used in the airdrop that receives any type of scam including these ones from ledger

[Hispo]

I have gotten several emails like that one, even though I have never used or bought a ledger in my life, as it is accustomed among scammers they take any list of leaked mail addresses they can put their hands on, and send millions of those scammy emails hoping for a fraction of the recipients to actually own a ledger and be stupid/gullible enough to click on the link and hand over their private key to scammers.

Also,.I knew ledger did not longer have the good reputation once had among people in this forum and had committed serious mistakes, from leaking people's addresses to implementing bad software which compromises the seed phrase of users, but allowing a "former employee" to still hold power over the code/firmware of wallet is ridiculous. My guess is they did not want to get sued as badly and decided to change the history on the employee who got phished. 

[Cricktor]

..., but allowing a "former employee" to still hold power over the code/firmware of wallet is ridiculous. My guess is they did not want to get sued as badly and decided to change the history on the employee who got phished. 

I don't quite see how such a stunt, be it true or not, could change their fate of being sued or not. Blaming a "former employee" sheds even worse light on their seemingly non-existant security policies.

You either give employees clever designed fine granular credentials which you can revoke when an employee is leaving, and this revokation prevents further access and doesn't compromise higher up credentials OR you change all necessary less clever credential scope to cut further access by such former (or certain current) staff.

When Ledger doesn't care about such basics, they stink from the very core and are just complete morons. Nobody should trust such incompetence. Who knows what else is rotted by their deeply rooted negligence? Yes, I despise such loudmouths, especially their managers, in particular their CEO.

[Meuserna]

I don't quite see how such a stunt, be it true or not, could change their fate of being sued or not. Blaming a "former employee" sheds even worse light on their seemingly non-existant security policies.

It's especially bad since Ledger fired 12% of their workforce late last year.  There could be a lot of people suddenly without paychecks who still had access to Ledger's codebase...  dot dot dot...

[m2017]

It's especially bad since Ledger fired 12% of their workforce late last year.  There could be a lot of people suddenly without paychecks who still had access to Ledger's codebase...  dot dot dot...

12% looks like a pretty impressive number of employees, but the Ledger's LinkedIn profile shows 500-1000 employees, and then it turns out that 50-100 people could have been fired. I saw info on the Internet about a possible total number of employees of ~700 and ~90 fired.

It is not necessary that these 12% of employees had the ability and access to the code base of the Ledger. I want to say that it could be that among those fired there were no source code developers at all, and these employees were from various departments, such as marketing and the like. Of course, this is little consolation and it is bad to hope that among the fired there were no people with access to the code base, but you should not panic right away. Because these employees probably signed NDAs and abuse of official access is fraught with consequences, and not only administratively punishable, but criminally. In fact, any hardware wallet manufacturer may have unscrupulous people on staff who abuse the availability of the service database. And hackers may also infiltrate under the guise of regular employees. Why not?

[Lucius]

Their CEO would call this a very trivial thing, and realistically for anyone who has any understanding of the things around them, it would never occur to them to download any upgrade through the links they received in the e-mail. Besides, is it so difficult to go to the official website and see if there are any notifications there?

Phishing is really a trap only for the careless and naive, but considering the alleged millions of devices sold, if only 0.1% fall for this kind of trick, someone will earn a lot of money.

[dkbit98]

I don't know is anybody on the forum still uses Ledger, however, I've got these days an e-mail that it's most probably phishing, since the sender domain and the domain the button sends to are not Ledger's.

Did you ever purchased any of the ledger products using this email address, or maybe you signed up for their newsletter?
If the answer is yes than your data is probably leaked already.

This is an obvious phishing scam attempt, but I generally don't trust most of the emails I receive and I never click any links/buttons without checking the actual link first.
I received a bunch of similar emails for both ledger and trezor in last few years, and I never even used that email to purchase anything.

[NeuroticFish]

Did you ever purchased any of the ledger products using this email address, or maybe you signed up for their newsletter?
If the answer is yes than your data is probably leaked already.

Of course that this is the reason. You expected I never was younger and much more stupid? 
No worries, I know why I've got the phishing and I know it's phishing.
And I no longer use their crap either, so... yeah 

[m2017]

Their CEO would call this a very trivial thing, and realistically for anyone who has any understanding of the things around them, it would never occur to them to download any upgrade through the links they received in the e-mail.

What is trivial for one user may be something extraordinary for another.

With each bullrun, more and more newcomers come to the cryptoindustry, who don't have the skills and knowledge of "trivial things", and who find themselves under attack from such phishing attacks.

Besides, is it so difficult to go to the official website and see if there are any notifications there?

Here, simple human laziness and inability to double-check all events related to finances are evident. And also, the "panic-inducing text" used in the e-mail, pushing to quickly make an update (risks of losing the contents of the wallet), which pushes the user to ignore the "voice of reason" and not check the authenticity of the information on the official website.

Phishing is really a trap only for the careless and naive, but considering the alleged millions of devices sold, if only 0.1% fall for this kind of trick, someone will earn a lot of money.

In the "fishing net" of phishing, one way or another, someone will get caught, because not all buyers of  ledger's device are technically literate.

[Pmalek]

Same old, same old. Why change a scam attempt if it still works, I guess. We have seen these types of phishing scams numerous times, but this one is, at least, nicely written and sounds legit at first. Seems like free access to AI bots can do wonders even in the phishing industry. All looks good until they request that you download their fake software, where you will most probably need to enter your seed and send it to the scammers.