Hardware wallet company Ledger’s 2020 data breach taken another round. Scammers are sending fake hardware wallets to people whose data gathered via a third-party data breach. Inside the package, there is a brand new Ledger X and a letter attached.
In the data breach, 1,075,382 email addresses were stolen who subscribed to the ledger newsletter. It also involved the leak of personal information associated with 272,853 hardware wallet orders.
In a post on Reddit, a Ledger user shared a devious scam. He shared receiving photos that look like a Ledger Nano X device in the mail.
The scam is ambitious. In May, scammer who appeared first went as far as soldering additional hardware to a housing of Ledger Nano-wallet and packing in ledger box. The recent iteration adds an additional facade of a sealed pouch with Ledger Logo on it. It also shrinks wrapping, so the box itself appears as if it was never opened.
In a Ledger blog post explaining the scam company said, the box includes a fake letter explaining the “need to replace your existing hardware wallet to secure your funds. This is a scam; the ledger Nano is fake.”
“We are aware of this scam, which we have included in our list of ongoing malicious attacks on our website,” said Matt Johnson, Ledger Chief Information security officer.
Also Read: Metamask Warning Of a New Phishing Scam
“If you receive a free product in the mail that did not order, you should be suspicious and check ledger official channels or contact ledger team support.”
Johnson added that Ledger and Ledger live will never ask users to share their 24-word recovery phrase. The Ledger communicates securely through Ledger Live, never by mail or phone, and the company would never mail anything to users’ addresses without their consent.
