On October 2, the security arm of crypto exchange Kraken, Kraken Security Labs, released a case study containing detailed information about a recent phishing scam that targeted Ledger users.
According to researchers, criminals attempted to breach users’ sensitive data in an attempt to steal funds from their wallets. Ledger owners received fake emails and text messages from attacker-controlled “[email protected]” email address, asking them to download a new version of their software and then redirecting them to a cloned version of the original site.
From there, victims were tricked into providing their recovery phrase, after which the attackers gained access to their wallet and stole their funds. Luckily, the Ledger team managed to disable most of the malicious domains and stop some of the transactions, temporarily nullifying the attack.
Although the required preventative measures were taken considerably quickly, hackers supposedly keep switching their URLs to maintain their illicit campaign. The company further released a tweet urging people to spread information about the ongoing attack and prevent more users from being deprived of their funds.
“While we notified the registrar and hosting services, you can help reducing the impact of the ongoing phishing scam – report those websites as malicious (f.e. on https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en).”
The websites pinpointed in the tweet are as follow:
In their analysis, Kraken suggested several ways in which users can protect themselves from similar standard social engineering and malware schemes. These include reviewing suspicious emails and texts, maintaining one’s browser updated to the latest version, and using tools to verify if a site is a “punycode (a look-a-like to the original)”.
Lastly, experts suggested that clients should be wary of links and be cautious when asked to install software. They also warned users to never type their recovery words into anything, while also being mindful of surprises tuned in a “sense of urgency” and waiting for several days before providing any personal data.