Ledger is investigating phishing scam that targets wallet users

Ledger is looking into an apparent impersonation scam after several of the wallet provider's customers reported on social media today that they had received phishing emails.  

Web developer Andreas Tasch shared the suspicious email on Twitter and asked the company why he hadn't received any information about his data being compromised. The message, which appeared to come from Ledger, said the Ledger Live service had been hit with a malware attack. 

"At this moment, it's technically impossible to conclusively assess the severity and the scope of the data breach. Due to these circumstances, we must assume that your cryptocurrency assets are [redacted] risk of being stolen," the email said before directing readers to click a button to download a new version of the software.

The hardware wallet firm experienced a data breach in late June which exposed customer information and over one million user emails. A Ledger spokesperson would not comment on whether apparent phishing attempts are related to the June data breach. 

A Ledger spokesperson told The Block the company has experienced "continuous phishing scams" that often involve "malicious false actors trying to compromise Ledger's integrity and customer information." The spokesperson said the company has deployed an internal task force to investigate the latest attack. 

"The investigation is ongoing and at this time we cannot give any additional information but one thing is for certain Ledger will never ask you for your 24-word recovery phrase, which is a blatant sign of a phishing scam," the spokesperson told The Block.