Immediate help

Warning: wave of fraud around Ledger - how to protect your crypto assets

More and more crypto investors are reporting cases of fraud involving Ledger and Ledger Live. Phishing, fake update emails, manipulated devices or fake supports are aimed at stealing the recovery phrase - with expensive consequences for those affected. In our latest article, you can find out which scams are currently circulating, how you can effectively protect your crypto balance and what legal steps you can take in an emergency.
Share:

In recent months, there have been an increasing number of reports of attempted fraud in connection with Ledger and Ledger Live wallets. Cyber criminals are taking an increasingly professional approach - from fake emails and manipulated hardware to malware on PCs and smartphones. The aim is always the same: to gain access to the Recovery phrase (24 words) or to obtain the wallet's private keys.

For those affected, the path to restoring their assets is often difficult. Crypto Investigation supports injured parties in reconstructing their losses and asserting claims.
Below we show you which scams are currently circulating - and what measures you can take to protect yourself effectively.

Common forms of fraud with Ledger and Ledger Live

1. phishing and fake update requests

Deceptively genuine-looking emails, allegedly from "Ledger", ask users to install a new version of Ledger Live or to carry out a "security update".
The messages contain buttons such as "Verify Now" or "Secure My Account" that lead to fraudulent websites asking for the 24-word phrase.
Particularly dangerous: Fake ledger apps are in circulation under macOS that replace the original application and prompt users to enter the phrase.

2. the "ledger letter scam" - fake mailings

Fraudsters are sending letters that look like genuine ledger messages. They contain QR codes or links to fake pages on which users are supposed to "validate" or "update" their wallet.
Ledger itself explicitly points this out, never send letters with such requests.

3. telephone fraud and social engineering

In some cases, users are contacted by telephone. The callers pretend to be Ledger employees and claim that the account has been compromised. Those affected are then asked to call up a website or enter their recovery phrase.
Ledger contacts customers never by telephone and asks never after the recovery phrase.

4. manipulated software and apps

Fraudsters are distributing fake versions of Ledger Live that appear legitimate at first glance, but secretly read out the seed phrase.
Browser extensions or third-party apps that imitate ledger functions are also in circulation.
In some cases, manipulated devices are discovered in circulation - apparently in their original packaging, but technically modified. If a seed is generated on such a device, it is already compromised.

5 "Address poisoning" - the poisoned address

Attackers send small amounts of cryptocurrency or NFTs to wallet addresses in order to create a "familiar" transaction history. If this manipulated address is later accidentally used for their own transactions, the funds go directly to the perpetrator.

6. clipboard manipulation

So-called "clipboard stealers" (e.g. EthClipper) modify the computer's clipboard. When a target address is copied, it is replaced unnoticed by a foreign address. Users then unknowingly transfer money to the attacker.

7. fake support and alleged recovery services

Fraudsters offer supposed "ledger support" or "wallet recovery services" on social networks or in adverts. There are no official bodies behind these offers - the sole aim is to persuade users to disclose their access data or confirm manipulated transactions.

Legal options for injured parties

  1. Press criminal charges:
    Any loss should be reported to the police immediately - with all available evidence such as emails, screenshots or letters.
  2. Blockchain analysis:
    On-chain analyses often make it possible to trace to which wallets the stolen coins were transferred.
  3. Check civil law claims:
    In certain cases, service providers, intermediaries or platforms may be liable - for example, in the event of inadequate security advice or organisational negligence.

Immediate measures in the event of suspected compromise

  1. Call in experts immediately - Ideally from the fields of IT forensics and crypto law.
  2. No longer carry out transactions via the affected wallet.
  3. Create new wallet offline and generate a fresh seed.
  4. Transfer available funds immediately to a secure wallet.
  5. Authorisations (dApps, smart contracts) check and revoke

Protective measures & best practices

  • Ledger devices exclusively at the Manufacturer or authorised dealers buy.
  • Firmware and software only via official sources refer.
  • The Never enter or save a 24-word recovery phrase digitally - it belongs exclusively on the device itself.
  • Suspicious of emails, phone calls or post with urgent requests.
  • Check domains carefully - It often only takes a spelling mistake ("legder", "ledqer") to fall into the trap.
  • Regularly the Authenticity of the device according to the ledger instructions.
  • Do not install any third-party apps with ledger functions.
  • Antivirus programmes and monitor the clipboard.
  • Smart Contract and dApp authorisations regularly and revoke it if necessary.

Where can I get help?

Retrieve cryptos

For those affected by crypto fraud, qualified advice from crypto forensics experts, such as the Krypto Investigation GmbHas well as by experienced lawyers.

Dr Rogert from the law firm Rogert & Ulbrich Attorneys at Law in Partnership mbB has already successfully supported numerous clients in dealing with crypto fraud cases.

Table of Contents
Read more...
Immediate help
Immediate help
Call Contact us