- Ledger users are reporting suspicious phone calls originating from the UK, Sweden, and Austria.
- The hardware crypto wallet manufacturer's database was leaked in late December.
- This follows a series of threatening Bitcoin ransom emails similarly aimed at Ledger users.
Owners of Ledger hardware wallets have reportedly been receiving dozens of phishing phone calls after the manufacturer’s database was dumped on hacker sites, revealed Bitcoin advocate and tech entrepreneur Andreas Antonopoulos today.
As Decrypt reported in late December, over a million customer emails were stolen from Ledger and made publicly available on a hacker site. Shortly after the hack, some Ledger owners began receiving threatening Bitcoin ransom emails. But it looks like malicious actors decided to take it one step further and are resorting to actual phone calls.
“This is a new and more high-touch high-effort attack which is similar to the ‘Windows tech support’ scams that are run out of call centers in low-labor-cost countries,” Antonopoulos tweeted, adding, “While I had previously heard about social engineering attacks via email and SMS, I had not heard about these voice calls. It appears many have been receiving them for weeks.”
After the hack, Ledger CEO Pascal Gauthier told Decrypt that users who had their addresses leaked should not need to move house because scammers were more likely to run lower-cost phishing attacks, such as spoof emails or threatening messages. He also said that the firm won't be providing any compensation to those who had their data leaked.
After inviting other Ledger users to report similar suspicious calls, Antonopoulos later revealed that he received information about dozens of such interactions, with calls appearing to originate from all over Europe, including the UK, Sweden, and Germany.
“I can only confirm. Several calls every day since 8th is January. First mostly from Sweden, wanted to help to invest in crypto (‘we help you buy when cheap, and sell when expensive’ :)) ) last two days calls from Austria, and one other which I don’t remember,” tweeted Wojciech Krawczyk.
While many users just ignore calls from unknown numbers, some are even going so far as to switch to a new phone number—but that is not a magic bullet against scammers, Antonopoulos warned.
“This is a double-edged sword—if you switch numbers, your old number is available and might be hijacked to impersonate you. You must make ABSOLUTELY SURE you have removed it from everywhere before you switch,” he wrote.
This is the idea that the scammers could take ownership of your old number and then use that to pass two-factor authentication that relies on the mobile number—which would be an easy way to lose money.