If you have any online footprint related to crypto, you probably got a phishing email at least once.
Ledger wallet owners have been under attack from scammers through most of 2020. Ledger wallet customers have been debating whether Ledger sold their data. Ledger finally admitted in December 2020 that the company suffered a data breach in July 2020 and customer data are being sold online now.
In this article we are going to list out the most dangerous phishing techniques you’ll come across.
We are also going to touch on the subject of why phishing works even though EVERYONE knows they should not click on links in suspicious emails.
And lastly we will give you a couple of easy tricks to improve your protection against phishing. They are not anything technical.
Crypto Phishing Techniques in 2021
Email & Reddit: Ledger Wallet Phishing
Since mid-2020, the Ledger phishing campaign has been most active via e-mail and on the official Ledger Reddit forum.
The emails will typically come from an email address such as legder.com. This is a misspelling of “ledger” but it is barely noticeable at first glance. The email contents look like legitimate Ledger emails.
The Ledger phishing scam exists in several variants.
- Typically the phishing email urges you to download a security update for your Ledger wallet. It will offer a button for you to click to get the update.
- In some variants of the phishing, the link will take you to a website that will ask for your crypto wallet seed. Once you enter your seed there, you lose your crypto.
- Alternatively, it may download a malicious copy of the Ledger Live application that will steal your seed through a more sophisticated method. This is essentially malware.
What you need to know: Ledger never asks for your seed in any website interface. Updates to Ledger Live can be downloaded through a note that appears inside the Ledger Live app when an update is available. Do not download software from an email link.
Email Exodus Wallet Phishing
Early in 2021, a new phishing campaign appeared. This time the emails target Exodus wallet owners.
The strategy is the same as with Ledger phishing: You get an email that urges you to download an update.
Crypto users who sign up with a unique email alias for each service or account can verify that the address to which the Exodus phishing email is delivered is the same as the one that leaked in the 2020 Ledger data breach.
What you need to know: Exodus is a free software wallet that you can download anonymously. Exodus does not know your e-mail address. Any email that claims to be from Exodus is a phishing scam.
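The checks described so far (a misspelled sender domain such as legder.com, a wallet brand that never has your address, and mail arriving on an alias you gave to a different service) can be automated. The Python below is an added example, not part of the original article or any vendor's code; the allowlist, the plus-addressing alias scheme, the distance threshold and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

KNOWN_DOMAINS = ("ledger.com",)           # assumption: genuine domains you expect mail from
NO_EMAIL_BRANDS = ("exodus", "electrum")  # per the article: these wallets never have your address
MAX_DISTANCE = 2                          # assumption: how close counts as a lookalike

def osa_distance(a, b):
    """Edit distance that counts an adjacent swap (ledger -> legder) as one edit."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def triage(raw):
    """Return a list of warning strings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, sender = parseaddr(msg.get("From", ""))
    domain = sender.rpartition("@")[2].lower()
    claimed = f"{display} {msg.get('Subject', '')}".lower()
    findings = []
    for good in KNOWN_DOMAINS:
        if domain != good and osa_distance(domain, good) <= MAX_DISTANCE:
            findings.append(f"lookalike-domain:{domain}~{good}")
    for brand in NO_EMAIL_BRANDS:
        if brand in claimed:
            findings.append(f"brand-never-emails:{brand}")
    # Assumption: per-service aliases use plus-addressing, e.g. alice+ledger@...
    recipient = parseaddr(msg.get("To", ""))[1]
    tag = recipient.partition("@")[0].partition("+")[2].lower()
    if tag and tag not in claimed and tag not in domain:
        findings.append(f"alias-mismatch:{tag}")
    return findings

# Constructed sample messages, not real phishing mail.
SPOOFED_LEDGER = ("From: Ledger Support <security@legder.com>\n"
                  "To: alice+ledger@example.org\n"
                  "Subject: Security update required\n\nbody\n")
FAKE_EXODUS = ("From: Exodus Wallet <updates@wallet-notices.example>\n"
               "To: alice+ledger@example.org\n"
               "Subject: New Exodus version available\n\nbody\n")

if __name__ == "__main__":
    for sample in (SPOOFED_LEDGER, FAKE_EXODUS):
        print(triage(sample))
```

An alias-mismatch finding also tells you which service's address list the sender is working from.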
Telegram & Reddit: Bitfinex & Other Exchange Support Staff Imposter
Bitfinex is one of the crypto exchanges that runs an active Telegram group.
In the infancy of crypto trading, it was common to ask for support staff via Telegram. Since 2020, that is one of the worst mistakes you can make.
Instead of a support member, you will be contacted by a rando who uploaded the exchange logo into their Telegram avatar.
Anyone can do that, but at first glance it will make your rando look like a staff member. If you are looking for support staff, chances are you are upset with an account issue and you will not question anything.
The Telegram imposter will typically try to get your account credentials.
Alternatively, they may ask you to send some bitcoin to unlock your account. They will phrase it quite reasonably as a returnable transaction necessary to prove your ownership of a crypto address.
Email: Electrum Phishing Scam
Electrum is an OG Bitcoin wallet. It has a number of advanced functions and as a rule is not used by the majority of new crypto investors. However, Electrum is still the crypto wallet of choice among early adopters.
The Electrum wallet update scam targets long-term holders who are not keeping up with the tech but probably hold what is now a lot of money.
The Electrum phishing email urges you to download a new Electrum wallet update via a link in the email.
The installed software will look like an Electrum wallet and will ask for your wallet seed. The seed will be sent to the phisher who will then take your money.
What you need to know: Electrum is a free software wallet that you can download anonymously. Electrum does not know your e-mail address. Any email that claims to be from Electrum is a phishing scam.
How do phishers know your email address?
Stable crypto companies like Ledger or Coinbase do not typically sell your data. There have been breaches that leaked email addresses along with physical addresses, though. Ledger suffered a breach in July 2020. You can check if your email is affected via Have I Been Pwned.
Crypto phishers will also go for emails from breached tech industry apps or CRM, as the overlap with crypto holders is quite high there. Breached databases are sold on the darknet.
Airdrop and ICO people do often sell their email databases.
If you run a crypto related blog, your contact email addresses are on every phisher’s list.
Even if you do everything right, you may find that your email was pwned even though you never signed up at any breached app. CRM apps mine contact information by scraping the internet; they have data about you without you knowing it.
Why do so many people fall for phishing
We all know we should not click links in unexpected emails. It has been hammered into our heads for the past twenty odd years.
So why do we still fall for phishing?
We are stressed out
Crypto exchange support imposters leverage this quite well.
If you are urging an exchange support representative to notice you, chances are you locked yourself out of an exchange account where there’s a lot of money in open positions or in lending.
Maybe your laptop died and you lost access to both your email and your credentials. Maybe your phone died and you lost your 2FA access.
You are not thinking straight in a situation like this.
If a support rep actually gets back to you, especially if you know what a rare occurrence that is in the crypto industry, you will not question whether it is a legitimate staff member at all.
We are not paying full attention
Scrolling through social media or emails is the default thing we do when we have a few seconds to spare.
For most of us, checking the notifications is in fact the first thing we do in the morning, while we are still in bed.
It is extremely easy to click on anything that looks somewhat plausible when you are not even fully awake.
It is just as easy to click if a phishing email comes during the day as you are bombarded with work requests, while off-screen your kids are shouting at you and your spouse wants your opinion on something.
The scam sounds like it wants to help us
This is most dangerous in a work setting.
Chatting with clients or coworkers primes you to understand every incoming email as work communication.
This is what helps the wallet update scam emails look legitimate: They sound technical, just like your work communication may sound. They are urging you to protect yourself, just like your IT department may have just a while ago.
If the phishing email sounds just like the type of email you normally get on a Tuesday morning from your company, you are more likely to click.
How to protect yourself against phishing
From the breakdown of how phishing scams get us it should be quite clear that the secret to protecting yourself is not in your tech stack.
The solution against Ledger and other scams is not technical. It is in managing your attention.
So, what exactly can we do to protect ourselves from crypto phishing? There are a couple of really easy non-technical hacks.
Stop doing your emails while half awake
Set yourself a rule to postpone any communication that requires more than
no until you have been awake for at least one hour.
Update your wallets weekly and ignore any security emails
Block 20 minutes every week in your calendar. Dedicate it to opening your Ledger Live and downloading any updates to both the Ledger Live app and the hardware wallet software.
You can do that directly from a notification inside the app. No need to wait for an email.
You can now do the same in an Electrum wallet. Since the 4.0.x versions, Electrum gives you a clickable notification about a new version.
Check your wallet updates weekly and safely ignore any update alerts that land in your mailbox.
Count to five before you click
Most of us will stop short once a scammer asks us for a “small bitcoin transaction that will be returned once your account is unlocked”.
Classic phishing right there. This request is so well known that most of us will realise what we are falling for right on the spot.
But when it comes to security updates or other types of request that we know are usually legitimate, we do not question them.
Taking a few seconds before clicking on anything in an email related to crypto is often enough to notice the warning signs and refrain from clicking.
This relates to the last rule we will list in this article:
If somebody wants to help you, they are probably a scammer
In crypto, this is a good all-rounder.