"Hardware Wallets Are Also At Risk"...Ledger Warns of Rampant Recovery Phrase Scams

▲ Virtual assets, cryptocurrency wallet/ChatGPT generated image

Hardware wallet manufacturer Ledger has issued an urgent security warning to users worldwide regarding the risk of asset theft, stating that "sophisticated scams targeting recovery phrases are spreading."

According to crypto media outlet U.Today on April 28 (local time), security solutions company Ledger recently stated that fake accounts impersonating its customer support team are actively operating on social media platforms. Scam organizations approach users under the guise of solving wallet synchronization issues or providing security update support, reassuring them, and then naturally demand the 24-word recovery phrase during the conversation to seize control of their wallets.

Such fraudulent activities are concentrated on online communities, including X (formerly Twitter). Attackers disguise their trustworthiness by using profile pictures and names that are difficult to distinguish from official accounts. In particular, they often comment below official posts, acting as if they are internal personnel, and direct users to phishing sites. The moment a user enters their recovery phrase into such a link, all virtual assets are immediately transferred to the attacker's wallet.

Ledger emphasized that under no circumstances will its employees or affiliates ask users for their recovery phrase. The recovery phrase must only be entered into the device itself while offline, and taking photos or digitally storing it was pointed out as actions that increase hacking risks. A Ledger representative stated, "Not sharing your recovery phrase with anyone is the most basic yet powerful security principle for protecting your assets."

Recently, there has been an increase in cases where accounts with the official blue checkmark are used to enhance credibility. Methods involving AI-powered bots generating large numbers of comments to confuse user judgment have also been identified. If you receive a suspicious message, do not click on the link, and always verify the facts through the customer support channel on the official website.

As the virtual asset market expands, social engineering attacks targeting individual investors are becoming more sophisticated. The security of hardware wallets can also be compromised depending on whether users adhere to basic guidelines. Information from social media should always be verified before acceptance, and an awareness that the ultimate responsibility for asset protection lies with oneself is required.

*Disclaimer: This article is for investment reference only, and we are not responsible for any investment losses based on it. The content should be interpreted for informational purposes only.*