"Hardware Wallets Also at Risk"...Ledger Warns of Rising Recovery Phrase Scams

▲ Virtual Assets, Cryptocurrency Wallet/ChatGPT Generated Image

Hardware wallet manufacturer Ledger has issued an urgent security warning to users worldwide about the risk of asset theft, stating that "sophisticated scams targeting recovery phrases are spreading."

According to crypto media outlet U.Today on April 28 (local time), security solutions company Ledger announced that fake accounts impersonating its customer support team have recently been active on social media platforms. Scam organizations approach users under the guise of solving wallet synchronization issues or providing security update support, reassuring them, and then naturally demand the 24-word recovery phrase during the conversation, thereby seizing control of the wallet.

Such fraudulent activities are concentrated on online communities, including X (formerly Twitter). Attackers use profile pictures and names that are difficult to distinguish from official accounts to feign credibility. In particular, they often comment below official posts, acting as if they are insiders, and redirect users to phishing sites. The moment a user enters their recovery phrase into such a link, all virtual assets are immediately transferred to the attacker's wallet.

Ledger emphasized that under no circumstances do employees or affiliates ask users for their recovery phrase. The recovery phrase must always be entered only on the device itself while offline, and taking photos or digitally storing it was identified as an act that increases hacking risk. A Ledger official stated, "Not sharing your recovery phrase with anyone is the most fundamental and powerful security principle for protecting your assets."

Recently, there has been an increase in cases where accounts with official verification marks, such as blue checks, are used to boost credibility. Methods using AI-based bots to generate a large number of comments to cloud user judgment have also been confirmed. If you receive a suspicious message, do not click on the link, and always verify the facts through the customer support channel on the official website.

As the virtual asset market expands, social engineering attacks targeting individual investors are becoming more sophisticated. The security of hardware wallets can also be neutralized depending on whether users adhere to basic rules. Information from social media should always be verified before acceptance, and an awareness that the ultimate responsibility for asset protection lies with oneself is required.

*Disclaimer: This article is for investment reference only, and we are not responsible for any investment losses based on it. The content should be interpreted for informational purposes only.*