Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Fake Data Breach Alerts Used To Steal Ledger Cryptocurrency Wallets

Fake Data Breach Alerts Used To Steal Ledger Cryptocurrency Wallets

A phishing scam is underway that targets Ledger wallet users with fake data breach notifications used to steal cryptocurrency from recipients.

Ledger is a hardware cryptocurrency wallet that allows you to store, manage, and sell cryptocurrency. The funds held in these wallets are secured using a 24-word recovery phrase and supports 12, 18, or 24-word recovery phrases used by other wallets.

Anyone who knows this recovery phrase can use it to access the funds that it secures. Therefore, recovery phrases must be kept offline and private so that cryptocurrency funds are not stolen.

Phishing campaigns target Ledger recovery phrases

In July 2020, Ledger suffered a data breach after a website vulnerability allowed threat actors to access customers’ contact details.

At the time of the breach, Ledger stated that they emailed the affected 9,500 customers and provided a dedicated email that can be used for more information about the attack.

Starting in October 2020, Ledger users began receiving fake emails about a new data breach from Ledger. The  email stated that the user was affected by the breach and that they should install the latest version of Ledger Live to secure their assets with a new pin.

“We regret to inform you that we have been alerted of a data breach affecting confidential data belonging to approximately 115,000 of our customers, which includes personal information, PIN-encrypted private and public keys, as well as the amount of each cryptocurrency stored inside the wallet,” the fake Ledger data breach phishing email reads.

Ledger phishing email about a data breach

These emails contain links to domain names using Punycode characters that allow the attackers to impersonate the legitimate using accented or Cyrillic characters. For example, a lookalike domain currently being used is https://ledģė, which, at a glance, appears to be the legitimate Ledger site.

Also Read: Website Ownership Laws: Your Rights And What These Protect

This fake site prompts users to download Ledger Live applications, as shown below.

Fake site

If a visitor downloads the mobile Ledger Live app, they will be redirected to the legitimate Apple and Google app pages. On the other hand, if they try to download the desktop version, it will download a fake Ledger Live application from the Ledger phishing site.

As you can see below, the fake Windows version [VirusTotal] is signed using a certificate for “Source Code Solutions Limited” (left), and the legitimate Ledger Live is signed as “Legder SAS” (right).

Side-by-side comparison of fake and legitimate Ledge Live downloads

When installed, the fake Ledger Live application is designed to be almost identical to the legitimate version, minus some choices when you startup the program.

When you launch the fake software, it will prompt you with two choices – ‘Restore devices from Recovery phrase’ or ‘Don’t have a Ledger device.’

Fake Ledger Live software

As the user reached this malicious site because the data breach notification told them to reset their PIN, most will click on the restore device option. When doing so, the application displays a screen asking you to enter your recovery phrase.

Fake Ledger Live asking for recovery phrase

After users enter their recovery phrase, the secret phrase will be sent back to the threat actors at the domain  Now that the threat actors have your recovery phrase, they can try to steal your cryptocurrency assets.

As some Ledger users add additional security in the form of a secret passphrase to their wallets, the phishing app will ask for that passphrase as well.

Asking for the secret passphrase

Once you enter the secret passphrase, the phishing application will now send both your recovery phrase and secret passphrase back to the attackers at

Sending stolen recovery phrase and passphrase to attackers

Armed with both the recovery phrase and the secret passphrase, the attackers can gain full access to your cryptocurrency funds and steal them.

Also Read: Computer Misuse Act Singapore: The Truth And Its Offenses

What should Ledger owners do?

First and foremost, never enter your recovery phrase or secret passphrase in any app or website other than Ledger Live downloaded from

As it is easy to create lookalike domains that impersonate legitimate sites, when it comes to cryptocurrency and financial assets, always type the domain you’re trying to reach into your browser rather than relying on links in emails. This way, you know you are going to rather than a site impersonating it.

Finally, disregard any emails claiming to be from Ledger stating that you were affected by a recent data breach. If you are concerned, rather than click on the link in these emails, contact Ledger directly for more information.

Ledger has told BleepingComputer that they plan on publishing a phishing status page next week to provide information about these attacks.

Thx to Andreas Tasch, Nicodaemos, and Craael for sharing their phishing samples.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us