You may have heard about the recent phishing attempt against Ledger cryptocurrency hardware wallet customers. An email was sent to customers informing them that their Ledger assets may have been compromised. The email stated, “Our forensics team has found several of the Ledger Live administrative servers to be infected with malware.” While it looked quite believable, it was in fact a phishing attempt to steal customer data.
Phishing attacks are unfortunately quite common and hackers are becoming more sophisticated at creating emails that resemble those of official companies. It is for this reason that we’d like to remind you of a few safety tips to keep in mind when it comes to keeping your coins safely stored within your hardware device.
KEEP YOUR 24-WORD RECOVER PHRASE PRIVATE
It’s important to remember that your 24-word recovery phrase is for your eyes only. If someone has access to this phrase, they also have access to your funds and the ability to move/steal them. Please make sure you aren’t sharing your recovery phrase with anyone else, and that you are storing it safely offline.
If you receive communication from your wallet manufacturer or us asking for information, please ensure you double check and verify the web URLs and email addresses. Look out for unusual spelling and accents within the names. For reference, our official addresses are:
A good practice to get in the habit of is bookmarking verified sites that you normally need to input sensitive information, and only access them via that bookmarked link.
If you do happen to receive an email that looks like a scam, we recommend that you report it and mark it as spam to avoid receiving emails from the same address in the future.
If you have bought directly from Ledger, please be aware they have confirmed that users’ payment information and crypto funds are safe. An internal task force has been deployed to investigate the latest phishing attack and they have stated that “The investigation is ongoing and at this time we cannot give any additional information but one thing is for certain: Ledger will never ask you for your 24-word recovery phrase, which is a blatant sign of a phishing scam. Ledger encourages customers to exercise caution as phishing attacks become more sophisticated and to alert Ledger’s customer support team and consult Ledger.com for more information on the detection of scams.”
If you have bought a Ledger hardware wallet from Coinstop, your data has NOT been exposed to potential phishing attacks. However it is always good to implement the above safety tips to ensure that you are safely storing your coins and sensitive data away from attackers.
If you have any questions or concerns please feel free to reach out to us.