Our team has spotted new phishing websites appearing on Google search results pages. Scammers are targeting Ledger users with surprisingly tricky advertisements.
We all like crypto because its secure: you’re in complete control of your money. As long as you have control of your private keys, you’re in control of your money. However, if you accidentally give away access to your private keys – like via a phishing website – then your money can quickly disappear.
Here’s what the latest Ledger phishing advertisements look like in the wild:
Scammers appear to be targeting people who type Ledger’s official website (Ledger.com) into the search bar. If you leave off the last ‘m’ in .com accidentally, then you’ll arrive at the search results page for Ledger.co. The page has two suspicious websites.
The first website, Leedger.info, is a paid advertisement. The scammer has paid to have a top listing for this search term. It’s the first result that pops up when you search Ledger.co.
The second website, meanwhile, is Ledger.co. At first glance, it may seem like the official Ledger website.
However, Ledger.co is not the official Ledger website. It’s a clone website that targets Ledger users with an authentic-looking interface.
The website tries to convince you to enter your recovery seed (the 12 or 24-word passphrase you created when setting up your Ledger wallet). If you enter your recovery seed into Ledger.co, then your money will almost certainly be stolen.
Meanwhile, the first website – Leedger.info – redirects to the second fraudulent website, Ledger.co, which tells us it’s likely the same group of scammers.
How the Ledger.co Scam Works
Someone has invested significant time into making Ledger.co look as legitimate as possible.
The main goal of the website is to direct users towards this page: Ledger.co/webwallet
That page asks for your 12-word, 18-word, or 24-word recovery seed. Ledger.co encourages you to restore Ledger device keys using your phrase. All you need to do is enter your recovery seed.
The page asks you for the number of words in your recovery seed. Then, you enter the recovery seed and press ‘Continue’.
At that point, the scammers have successfully scammed you, and you no longer have access to your private keys. Your money has been restored in someone else’s wallet.
The website has other pages listed on the sidebar, including links to your portfolio, accounts, send, receive, and settings. However, none of these links are clickable. The webwallet page is the only accessible page on the website.
Interestingly, Ledger.co sometimes redirects to the official Ledger.com website actiing as if it is the official Ledger wallet site.. The Ledger.co domain seems to automatically redirect users to Ledger.com, although visiting the Ledger.co/webwallet subpage takes you to the phishing scam.
Who’s Behind the Scam?
The Leedger.info domain name was registered just last week on November 13, 2019.
The domain uses the nameservers a.dnspod.com and b.dnspod.com.
The scammers who created the website used a Russian domain registrar, which suggests that they’re based in Russia. All information about the registrant is completed protected.
Ledger’s Official Website is Ledger.com
Always check the official website before entering any crypto-related information into a website. Generally, you’ll never have to enter your private keys or recovery phrase into a web form.
If you have lost access to your funds in a wallet, then you can use your recovery seed to regain access to those funds.
Always double and triple check before entering your seed phrase into any website or app to restore your funds. Make sure you’re using the official version of the app downloaded from a reputable source – like the Google Play Store or iOS app store.
Phishing scams like this can be surprisingly tough to spot – even for experienced crypto users. Stay safe out there and always triple check before entering any seed phrase information anywhere.