Crypto Scammers Impersonate Ledger Support And Drain Customers Funds

The controversial collapse of the once trusted crypto derivatives exchange FTX, shook the crypto community's faith in centralized custodians, leading them to hold their crypto assets in self-custody, which reduces their exposure to risky third parties and attenuates the risk of losing funds in the event the exchange collapses.

Ledger, a Paris-based company responsible for developing hardware wallet technology, reported a massive influx of customers following the FTX collapse. "After the FTX earthquake, there's a massive outflow from exchanges to Ledger security and self sovereignty solutions," Charles Guillemet, Ledger CTO, said in a tweet on November 9.

A Twitter user - @txazgirl, is among those who "kept hearing how safe it is to move crypto offline," so she "ordered one." Before Ledger, the Twitter user had been using Coinbase Wallet, a self-custody crypto wallet that gives users total control of their crypto, and admitted that she was doing fine on her own with that wallet.

Ledger works just like the Coinbase Wallet, but the main difference is, it is offline, which means it allows users to store their private keys on a USB-enabled device that is not connected to the Internet. On December 7, the Twitter user tried using Ledger but encountered an issue and could not get her staked Shiba Inu to appear in her crypto wallet.

She left a question on the official Ledger Support Twitter account about the issue she encountered and a few minutes later, someone from Ledger Support contacted her via direct message. What followed was the victim receiving a direct message from someone posing as a Ledger Support representative, explaining to her that she might be experiencing a "glitch" and that she needed to "re-sync" her Ledger.

The phony Ledger Support representative provided @txazgirl with a link that comes with a box asking for her seed phrase. When she questioned about the box for the seed phrase, the scammer explained that it "was necessary" since the Ledger has to be "re-synced."

The malicious actor also asked the victim the wallet she was moving the assets from, which is her Coinbase Wallet, and said they needed to "sync" it as well.

"They stole approximately $130,000 worth of crypto. I noticed pretty quickly, but not immediately that something was way wrong. They disappeared from the chat, and then I saw what was happening," @txazgirl told International Business Times in an exclusive interview.

The same happened to another Twitter user who is known by the handle @LdnParris and lost his funds between December 14 and 5. The scammer claimed to be Alex Zinder from Ledger Support and most likely picked the victim from the official Ledger Support when he, like txazgirl, left a comment on the account.

"I was trying to stake my Solana on Ledger Live, but I kept on getting error messages saying that my internet connection seems to be down, so I sent a tweet to the real Ledger support on this," the Twitter user told IBT. "I lost £9,000 to the market with the fall in price and another £2,000 to the scammers," the Twitter user revealed, noting that the funds he lost to the scammer consisted of Solana and Ethereum.

Both victims reported the incidents to the official Ledger Support via email and Twitter user LdnParris shared with us the screenshot of the email response from Ledger's tech customer specialist.

"I am very sorry to hear about your situation. Scammers continue to be a major issue throughout the entire crypto space, and no matter how many fake accounts and websites we get taken down, it seems like ten more pop up to take their place," the customer specialist said who also confirmed that the website he visited is indeed a scam website "designed to steal users' recovery phrases."

After promising that the incident was reported to the brand protection team so the website gets taken down, the customer support advised the victim to "pursue legal action by reporting this incident to either your local police department or by submitting a complaint through the FBI IC3 website."

International Business Times reached out to Ledger for official comment about these two separate incidents but we haven't heard from them since.

"Ledger has a lot of training on their website. They are a company that I look at as providing a lot of good information about cryptocurrency to potential customers and cryptocurrency buyers and users," said Larry Nielsen, an active law enforcement detective in Florida with years of experience investigating financial crimes.

"Ledger also posts articles on current scams such as phishing where scammers pretend to be from Ledger. From my personal point of view, they try to keep the public educated. I mean, their entire business model is about providing customers with solid secure storage for their crypto. Of course, they also want to keep them safe from scams," Nielsen, who is also a Certified Fraud Examiner (CFE) and a Cryptocurrency Tracing Certified Examiner (CTCE) noted.

"Cryptocurrency transactions are not reversible. If you get your cryptocurrency stolen you have to hope that you can connect with law enforcement that knows how to trace crypto and investigate these cases or knows someone who does," the crypto investigator said.

Nielsen also offered professional advice on what victims should do if they find themselves in a similar situation.

"If you discover that you have been the victim of a crypto scam/phishing site take note of the site name and get into your device as soon as possible from a safe source, change your passphrase, and note the transaction hashes and receiving wallet addresses of any crypto stolen from you," he said.

"The receiving wallet address would be the address that your crypto was sent to. Note the type of crypto and the amount of crypto that was stolen and the date of the transaction. Record that information with the related transaction hash(es) and receiving wallet address(es)," he added.

"That information will be invaluable to any law enforcement investigator who will be tracing transactions and attempting to locate your stolen crypto. Whether you think they will help or not, contact law enforcement directly, make a report, provide all of that specific information in the report and document the report number," Nielsen noted.

"The chance of any potential recovery lessens with each day that passes so do this immediately. Make a report to the FBI Internet Crimes site ic3.gov as well immediately. The submissions are monitored. Make a report to the Federal Trade Commission on FTC.gov," the detective said.

Nielsen also cautioned victims against hiring a cryptocurrency recovery company available on Google.

Finally, Nielsen advised that users should "not connect their non-custodial crypto wallet to any site that you are not 100% sure is legit. When in doubt, don't connect your wallet. Specifically in the case of Ledger, never enter your Ledger passphrase or recovery seed phrase on any site from a link you click on. Only use it with your designated Ledger device and software when needed."