If you have any online footprint related to crypto, you probably got a phishing email at least once.
Ledger wallet owners have been under attack from scammers through most of 2020. Ledger wallet customers have been debating whether Ledger sold their data, but it seems Ledger is actually not to blame.
Either way, this is crypto. Blaming anyone won’t sort out anything for you.
In this article we are going to list the most common crypto phishing techniques you’ll come across on Telegram and in your mailbox. Then we will briefly explain why they work even though EVERYONE knows they should not click on unknown links in emails.
And lastly we are going to give you a list of easy and non-technical ways to protect yourself against phishing in crypto.
Crypto Phishing Techniques in 2020
Email & Reddit: Ledger Wallet Phishing
The Ledger phishing campaign is most active via e-mail and on the official Ledger Reddit forum.
The emails will typically come from an email address on a domain such as legder.com. This is a misspelling of “ledger” which is barely noticeable at first glance.
The emails look like legitimate Ledger emails. Typically they urge you to download a security update.
The Ledger scam exists in many variants.
There will be a link in the email for sure. Clicking it may take you to a web interface that will ask for your wallet seed.
Alternatively, it may download a malicious copy of the Ledger Live application that will, again, steal your seed.
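The misspelled-sender trick described above can be checked mechanically. The following Python sketch is an added example, not part of the original article: it flags a From: domain that is a near-miss spelling of a domain you trust, or that uses a trusted brand name as a label under someone else's domain. The allowlist, the function names and the sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: the domains you actually expect wallet/exchange mail from.
TRUSTED_DOMAINS = {"ledger.com", "electrum.org", "bitfinex.com"}

def osa_distance(a: str, b: str) -> int:
    """Edit distance that counts an adjacent swap ("gd" -> "dg") as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def sender_domain(from_header: str) -> str:
    """Domain of the real address, ignoring the display name anyone can set."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower().rstrip(".")

def classify_sender(from_header: str, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return (verdict, trusted domain involved) for a From: header."""
    labels = sender_domain(from_header).split(".")
    base = ".".join(labels[-2:])  # naive registrable domain, no public-suffix list
    if base in trusted:
        return ("trusted", base)
    for good in sorted(trusted):
        brand = good.split(".")[0]
        # Brand parked under someone else's domain, or a near-miss spelling.
        if brand in labels or osa_distance(base, good) <= max_distance:
            return ("lookalike", good)
    return ("unknown", None)

# Constructed sample headers, not taken from real messages.
SAMPLES = [
    "Ledger Support <support@legder.com>",
    "Ledger <hello@mail.ledger.com>",
    "Ledger <alerts@ledger.com.account-check.example>",
    "A friend <friend@example.org>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(classify_sender(header), header)
```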
Telegram & Reddit: Bitfinex & Other Exchange Support Staff Imposter
Bitfinex is one of the crypto exchanges that runs an active Telegram group.
In the infancy of crypto trading, it was common to ask for support staff via Telegram. Since 2020, that is one of the worst mistakes you can make.
Instead of a support member, you will be contacted by a rando who uploaded the exchange logo into their Telegram avatar.
Anyone can do that, but at first glance it will make your rando look like a staff member. If you are looking for support staff, chances are you are upset with an account issue and you will not question anything.
The Telegram imposter will typically try to get your account credentials.
Alternatively, they may ask you to send some bitcoin to unlock your account. They will phrase it quite reasonably as a returnable transaction necessary to prove your ownership of a crypto address.
Email: Electrum Wallet Update Scam
Electrum is an OG Bitcoin wallet.
It has a number of advanced functions and as a rule is not used by the majority of current crypto investors.
However, Electrum is still the crypto wallet of choice among early adopters. Back in the day there were simply no easy-to-use Ledger or Exodus wallets.
Early adopters often hold what now is a lot of money. At the same time they are not keeping up with the crypto tech. They just have the money sitting there in an Electrum wallet.
The Electrum wallet update scam leverages that.
It counts on people not remembering that Electrum accounts are anonymous - that Electrum doesn’t know your email address.
The phisher sends you an email urging you to download a new Electrum wallet update via a link in the email.
The installed software will look like an Electrum wallet. It will prompt you to retype your wallet seed. The seed will be sent to the phisher who will then take your money.
How do phishers know your email address?
Contrary to Reddit conspiracy theories, crypto companies like Ledger or Coinbase do not typically sell your data. There have been breaches that leaked email addresses along with physical addresses, though.
If you ever signed up for an airdrop or ICO, your email was almost certainly sold by those folks though. You can check that by using single-serving burner email addresses for airdrops and ICOs, such as firstname.lastname@example.org. This way you’ll know exactly who sold you.
If you run a crypto related blog, your domain email addresses are of course on every phisher’s list.
Crypto phishers will also go for emails from breached tech industry apps or CRMs, as the overlap with crypto holders is quite high there. Breached databases are sold on the darknet. You can check if your email is in them via Have I Been Pwned.
As CRM software is so often the target, you may find that your email was pwned even though you never signed up at any breached app. CRM apps mine contact information by scraping the internet, so they have data about you without your knowing it.
Why do so many people fall for phishing
We all know we should not click links in unexpected emails. It has been hammered into our heads for the past twenty-odd years.
So why do we still fall for phishing?
We are stressed out
Crypto exchange support imposters leverage this quite well.
If you are urging an exchange support representative to notice you, chances are you locked yourself out of an exchange account where there’s a lot of money in open positions or in lending.
Maybe your laptop died and you lost access to both your email and your credentials. Maybe your phone died and you lost your 2FA access.
You are not thinking straight in a situation like this.
If a support rep actually gets back to you, especially if you know what a rare occurrence that is in the crypto industry, you will not question whether it is a legitimate staff member at all.
We are not paying full attention
Scrolling through social media or emails is the default thing we do when we have a few seconds to spare.
For most of us, checking the notifications is in fact the first thing we do in the morning, while we are still in bed.
It is extremely easy to click on anything that looks somewhat plausible when you are not even fully awake.
It is just as easy to click if a phishing email comes during the day as you are bombarded with work requests, while off-screen your kids are shouting at you and your spouse wants your opinion on something.
The scam sounds like it wants to help us
This is most dangerous in a work setting.
Chatting with clients or coworkers primes you to understand every incoming email as work communication.
This is what helps the wallet update scam emails look legitimate: They sound technical, just like your work communication may sound. They are urging you to protect yourself, just like your IT department may have just a while ago.
If the phishing email sounds just like the type of email you normally get on a Tuesday morning from your company, you are more likely to click.
How to protect yourself against phishing
From the breakdown of how phishing scams get us it should be quite clear that the secret to protecting yourself is not in your tech stack.
The solution against Ledger and other scams is not technical. It is in managing your attention.
So, what exactly can we do to protect ourselves from crypto phishing? There are a couple of really easy non-technical hacks.
Stop doing your emails while half awake
Set yourself a rule to postpone any communication that requires more than no until you have been awake for at least one hour.
Update your wallets weekly and ignore any security emails
Block 20 minutes every week in your calendar. Dedicate it to opening your Ledger Live and downloading any updates to both the Ledger Live app and the hardware wallet software.
You can do that directly from a notification inside the app. No need to wait for an email.
You can now do the same in an Electrum wallet. Since the 4.0.x versions, Electrum gives you a clickable notification about a new version.
Check your wallet updates weekly and safely ignore any update alerts that land in your mailbox.
Count to five before you click
Most of us will stop short once a scammer asks us for a “small bitcoin transaction that will be returned once your account is unlocked”.
Classic phishing right there. This request is so well known that most of us will realise what we are falling for right on the spot.
But when it comes to security updates or other types of requests that we know to be usually legitimate, we do not question them.
Taking a few seconds before clicking on anything in an email related to crypto is often enough to notice the warning signs and refrain from clicking.
This relates to the last rule we will list in this article:
If somebody wants to help you, they are probably a scammer
In crypto, this is a good all-rounder.