A new wave of attacks in the crypto industry targets not the wallet itself, but deceives users through counterfeit software. Grigory Osipov, Director of Investigations at “Shard,” shared with ForkLog how to safeguard your digital assets.<\/p>\n
The expert noted that hardware wallets are traditionally considered the safest storage method, yet things are changing, and Ledger Live has become the “Achilles’ heel.” This refers to a malicious campaign<\/a> aimed at macOS device users.<\/p>\n Malefactors are distributing malicious versions of Ledger Live. Their goal is to obtain the user’s seed phrase, granting full access to the wallet’s funds. Osipov described this as a “high-class social engineering attack.” The fake application replaces the original, then displays a plausible “critical error” message. The user is prompted to “restore access” by entering their seed phrase.<\/p>\n The specialist emphasized that the issue lies not in vulnerabilities within Ledger itself, but in the user’s trust in the program’s visual interface. Software can be substituted, the graphical interface copied, and the recovery page can look identical to the genuine one.<\/p>\n Given that the threat vector has shifted towards user perception attacks, Osipov believes it is crucial to develop mature digital behavior. Key recommendations include:<\/p>\n “As long as users rely solely on external signs of trust \u2014 interface, logo, familiar sequence of actions \u2014 they remain vulnerable. Therefore, genuine cybersecurity today is defined not only by the technological level of protection but also by the maturity of the subject in the context of digital behavior,” concluded Osipov.<\/em><\/p>\n<\/blockquote>\n In April, Ledger customers began receiving<\/a> physical letters with the company’s logo, demanding address verification through seed phrase entry.<\/p>\n\n
\n