Kraken Unveils Elaborate Ledger Phishing Attack

  • While the Ledger team managed to respond within 48 hours of the start of the phishing campaign, attackers are continuing to switch domains to keep going.
  • The criminals are supposedly using phishing emails and text messages to effectively redirect users to a cloned website closely resembling the original version.

Image by Ledger

On October 2, the security arm of crypto exchange Kraken, Kraken Security Labs, released a case study containing detailed information about a recent phishing scam that targeted Ledger users.

According to researchers, criminals attempted to breach users’ sensitive data in an attempt to steal funds from their wallets. Ledger owners received fake emails and text messages from attacker-controlled “[email protected]” email address, asking them to download a new version of their software and then redirecting them to a cloned version of the original site.

From there, victims were tricked into providing their recovery phrase, after which the attackers gained access to their wallet and stole their funds. Luckily, the Ledger team managed to disable most of the malicious domains and stop some of the transactions, temporarily nullifying the attack.

Although the required preventative measures were taken considerably quickly, hackers supposedly keep switching their URLs to maintain their illicit campaign. The company further released a tweet urging people to spread information about the ongoing attack and prevent more users from being deprived of their funds.

“While we notified the registrar and hosting services, you can help reducing the impact of the ongoing phishing scam – report those websites as malicious (f.e. on https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en).”

The websites pinpointed in the tweet are as follow:

  • xn--ledgr-9za.com
  • ledgersupport.io
  • loldevs.com

In their analysis, Kraken suggested several ways in which users can protect themselves from similar standard social engineering and malware schemes. These include reviewing suspicious emails and texts, maintaining one’s browser updated to the latest version, and using tools to verify if a site is a “punycode (a look-a-like to the original)”.

Lastly, experts suggested that clients should be wary of links and be cautious when asked to install software. They also warned users to never type their recovery words into anything, while also being mindful of surprises tuned in a “sense of urgency” and waiting for several days before providing any personal data.

Discussion
Related Coverage
Sam Bankman-Fried Found Guilty on All Charges
  • The New York Jurors took 4 fours of deliberating before pronouncing the former FTX CEO guilty of all seven charges of fraud and conspiracy to commit fraud.
  • Bankman-Fried will now have to appear in court on 28 March, 2024, where he will face a potential maximum sentence of 115 years in prison.
November 3, 2023, 8:54 AM
sbf

Former CEO of FTX Sam Bankman-Fried leaves the Federal Court in New York after pleading not guilty, 3 January, 2022.
lev radin/Shutterstock

Vitalik Says X Account Hacked Via SIM-Swap
  • Ethereum co-founder Vitalik Buterin has regained his T-Mobile account, which on Saturday was compromised by hackers and used to take over his X account.
  • On 9 September, hackers used a SIM-swap attack to take over Buterin’s X account, and siphon close to $700,000 in crypto by promoting a fake NFT giveaway.
DoJ Requests SBF’s Expert Witnesses be Barred From Testifying
  • The U.S. Department of Justice has expressed its concerns over Sam Bankman-Fried’s seven expert witnesses, and requested they be barred from testifying on the case.
  • The DoJ claimed most of the proposed experts lacked the necessary foundation for their opinions, making them unqualified to be an expert witness.