False data breach used to hijack cryptocurrency wallets

Cybercriminals have launched a new phishing campaign targeting Ledger wallet users who use fake data breach notifications to steal their cryptocurrency.

Ledger makes physical cryptocurrency wallets that allow users to store, manage and sell cryptocurrencies like bitcoin. The funds stored in the company’s wallets are secured using a 24-word recovery phrase although its devices also support 12, 18, or 24-word recovery phrases used by other cryptocurrency wallets. Since a wallet recovery step can be used to access a user’s funds, they must be stored offline and not shared with others to prevent cryptocurrency from being stolen.