- Scammers are impersonating Ledger, pushing a fake update
- The fake Ledger email asks you to download a new Ledger Live app
- The fake Ledger app will steal your seed phrase and all your crypto!
Scams in the crypto world are often fairly easy to spot a mile off, but despite this, a LOT of people still fall for them. So, when a more well written and highly polished scam comes along, it usually does very well in terms of harvesting the data that the scammers want.
In the latest well written phishing scam, scammers have impersonated Ledger, claiming that there was malware on a Ledger Live server and that you need to click the link to update your software. Newsflash – it’s fake news.
Don’t Click the Link
Whenever you get an email and it has grand claims like this, you need to automatically enter suspicious mode. Check the domain that the email is coming from and check it against the actual domain. Companies will always send emails using their actual domain name, so when this doesn’t match up, you should automatically delete the email. This phishing scam came from [email protected], but that’s not the Ledger URL, meaning it’s a scam.
⚠️ WARNING! ⚠️
I just received an email from “Ledger” saying that my funds are at risk and that I need to download their app again.
This is a phishing scam, DO NOT DOWNLOAD ANYTHING FROM THIS EMAIL! ✋ pic.twitter.com/s3sLWaBfl0
— The Moon 🌙 (@TheMoonCarl) October 25, 2020
Next up, we come to the link. This link will start the download of an app that reads like the Ledger Live app, and you’ll see a screen that looks just like the app. However, as soon as you try to restore your Ledger wallet, it will record your seed phrase and you’ll lose all your crypto. So, do yourself a favor, don’t click the link.
But What Happens if it’s True?
If Ledger was to suffer some malware on its servers and you were required to update your Ledger Live app, it would be done automatically the next time you open up the app. The app communicates with the servers directly, and this is how you’d get updates for it. So, if there is a hack or something on Ledger’s servers, then anything you had to do would be automated.
Additionally, even if Ledger’s servers were compromised, as long as you don’t share your seed phrase with anyone, your crypto CANNOT be stolen. We repeat, if you don’t share your seed phrase your crypto CANNOT be stolen. So, whatever you do, make sure you never, ever enter this phrase unless you’re 100% certain that it’s the legitimate Ledger Live app.
I Clicked the Link…
If you saw the email, freaked out and clicked the link, then you probably should get some professional help with a psychologist and find out why you’re so terrified of these types of emails. If you don’t understand how wallets work and how secure they are, then you probably should take a course and learn before you buy back into crypto.
If you clicked the link, that’s on you, not Ledger and not us. Ledger will not be able to get your funds back because you shared your seed phrase with a scammer. You can kiss your crypto bye, bye because that’s never coming back.