“Data Breach Notice” Ledger scam

February 25, 2025
By Giedrius Majauskas

The “Data Breach Notice” fake Ledger email is an attempt to hijack the crypto wallets of Ledger users. A variety of emails are circulating, but all use basically the same scam technique.

The email might look like this:

Dear Giedrius Majauskas,

We are writing to inform you of a serious security incident at Ledger. On February 20th, 2025, an unauthorized party gained access to administrative credentials, resulting in a data breach affecting approximately 320,000 Ledger devices.

Our records indicate that your device, associated with the address below, may be impacted:

[Address Redacted]

Analysis suggests that attackers are exploiting a firmware vulnerability, potentially endangering customer assets. We have confirmed reports of unauthorized transactions linked to a wallet identified as the “Ledger Exploiter Wallet.” Due to the hardware-based nature of Ledger devices, we are unable to intervene directly to halt these transactions.

To safeguard your funds, we urgently request that you update your device’s firmware to the latest version. Instructions and resources are available via the link below.

For additional support, please contact our team at [email protected].

Regards,
The Ledger Security Team

The following signs show that the email is completely fake:

- The address used to send the email is not from a Ledger domain. This is a sure sign of a scam.
- A data breach does not require a firmware update. In fact, if you have used your Ledger wallet correctly, the company has no data about your wallet address.
- The link in the email leads to a 3rd-party domain (firmware-server[xx] or similar) that is not Ledger's, even if some of the links in the text belong to Ledger.

Once you click on such links, one of 2 possible outcomes can happen:

- You will be asked to enter your recovery phrase, which would allow scammers to steal the funds from your Ledger. Unlike a regular wallet, a Ledger wallet is just a fancy USB key that stores the recovery phrase and the software to sign your transactions, so once the recovery phrase leaks, your wallet can be accessed.
- You will be asked to install software to update your wallet. In fact, it would be some sort of trojan that would look for wallet access automatically and submit it to malware servers.

If you have downloaded any software, please scan your PC with anti-malware programs. I recommend using Malwarebytes Anti-Malware or SpyHunter, but the most important thing is to ensure that your PC is clean.

If you have entered your seed (recovery) phrase anywhere, the funds might already be gone. Such scam websites use automatic software that can access wallets and transfer funds automatically, so the chances of saving them are low. You have to create another, secondary wallet, move the funds from your Ledger device to it, and then fully reset your Ledger device. For the secondary, temporary wallet I recommend https://trustwallet.com, which I use on my phone sometimes.

After the funds are moved (if you manage to move them), you have to reset your Ledger device using the instructions on the site. However, do not recover your old wallet; create a new one! If everything is right, you can then move the funds back to the Ledger device.