{"id":35209,"date":"2021-01-22T17:14:07","date_gmt":"2021-01-22T15:14:07","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=35209"},"modified":"2025-08-29T00:12:37","modified_gmt":"2025-08-28T21:12:37","slug":"hackers-launch-mass-phishing-campaign-impersonating-exodus-echoing-ledger","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/hackers-launch-mass-phishing-campaign-impersonating-exodus-echoing-ledger\/","title":{"rendered":"Hackers launch mass phishing campaign impersonating Exodus, echoing Ledger"},"content":{"rendered":"<p>Wallet owners began receiving phishing messages demanding software updates due to an alleged vulnerability. Similar messages had previously been sent to Ledger users, in an attempt to steal their confidential information.<!--more--><\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"en\">\ud83d\udea8ALERT\ud83d\udea8 scammers from <a href=\"https:\/\/twitter.com\/Ledger?ref_src=twsrc%5Etfw\">@Ledger<\/a> leak are trying to use others wallets\/companies for the same scam <a href=\"https:\/\/twitter.com\/exodus_io?ref_src=twsrc%5Etfw\">@exodus_io<\/a> be careful out there my family \u2764\ufe0f <a href=\"https:\/\/twitter.com\/hashtag\/Ledgerhack?src=hash&#038;ref_src=twsrc%5Etfw\">#Ledgerhack<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/Ledger?src=hash&#038;ref_src=twsrc%5Etfw\">#Ledger<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/BTC?src=hash&#038;ref_src=twsrc%5Etfw\">#BTC<\/a> <a href=\"https:\/\/t.co\/aZZ394LioG\">pic.twitter.com\/aZZ394LioG<\/a><\/p>\n<p>\u2014 Ending TheFed \ud83c\udde9\ud83c\uddf4 (@ThefedEnding) <a href=\"https:\/\/twitter.com\/ThefedEnding\/status\/1352547738567716864?ref_src=twsrc%5Etfw\">January 22, 2021<\/a><\/p>\n<\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>According to several Twitter users, the scammers acting on behalf of Exodus claimed that on January 18 a number of the company\u2019s servers were allegedly infected with malware, resulting in data from almost 94,000 customers being compromised. To protect users\u2019 assets, they asked them to update their seed phrase and wallet PIN.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"en\">Since the <a href=\"https:\/\/twitter.com\/hashtag\/Ledgerhack?src=hash&#038;ref_src=twsrc%5Etfw\">#Ledgerhack<\/a> I also receive phishing e-mails referring to wallet providers I&apos;ve never used or signed up, e.g. <a href=\"https:\/\/twitter.com\/exodus_io?ref_src=twsrc%5Etfw\">@exodus_io<\/a> . It is the same text as in the phishing e-mails related to <a href=\"https:\/\/twitter.com\/Ledger?ref_src=twsrc%5Etfw\">@Ledger<\/a> <a href=\"https:\/\/t.co\/4rJn8eNjL8\">pic.twitter.com\/4rJn8eNjL8<\/a><\/p>\n<p>\u2014 Hagbard (@_hundredeyes) <a href=\"https:\/\/twitter.com\/_hundredeyes\/status\/1352304786146816002?ref_src=twsrc%5Etfw\">January 21, 2021<\/a><\/p>\n<\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>As reported on June 25, 2020, data <a href=\"https:\/\/forklog.com\/en\/news\/ledger-reports-data-breach-affecting-around-one-million-users\">over a million Ledger<\/a> users leaked online. An unknown party gained access to email addresses, names, phone numbers of users, as well as information about the products purchased and delivery addresses.<\/p>\n<p>In late October, a user going by Polaris posted the database on the hacker forum exploit.in. User hyperdrill bought the data for 5 BTC.<\/p>\n<p>On December 21, data <a href=\"https:\/\/forklog.com\/en\/news\/ledger-data-leak-exposes-details-of-a-million-hardware-wallet-users\">were made publicly available<\/a> through the Raidforums forum, where anyone could download them.<\/p>\n<p>Last week Ledger Nano wallet owners began receiving threats from unknown attackers demanding a ransom of 0.3 BTC or 10 ETH. The letters contained the victim&apos;s full name and residential address, as well as threats of physical harm if the conditions were not met within 24 hours.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"en\">F**k sake!<\/p>\n<p>This is my actual home address in the email.<\/p>\n<p>I don\u2019t even know what to say, but <a href=\"https:\/\/twitter.com\/Ledger?ref_src=twsrc%5Etfw\">@Ledger<\/a> you absolutely useless waste of space.<\/p>\n<p>Stay safe everyone \ud83d\ude4f\ud83c\udffe <a href=\"https:\/\/twitter.com\/search?q=%24VET&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$VET<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/VeChain?src=hash&#038;ref_src=twsrc%5Etfw\">#VeChain<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/VeFam?src=hash&#038;ref_src=twsrc%5Etfw\">#VeFam<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/VTHO?src=hash&#038;ref_src=twsrc%5Etfw\">#VTHO<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/VET?src=hash&#038;ref_src=twsrc%5Etfw\">#VET<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/CryptoFam?src=hash&#038;ref_src=twsrc%5Etfw\">#CryptoFam<\/a> <a href=\"https:\/\/t.co\/T3gLuU7gsg\">pic.twitter.com\/T3gLuU7gsg<\/a><\/p>\n<p>\u2014 Saleh Ahmed \u24cb (@SalehAhmedd_) <a href=\"https:\/\/twitter.com\/SalehAhmedd_\/status\/1349750379257470977?ref_src=twsrc%5Etfw\">January 14, 2021<\/a><\/p>\n<\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>As of writing, the bitcoin- and Ethereum-wallets mentioned in the emails {{AOPEN_4}}are empty{{ACLOSE_4}}. Threats began the day after Ledger announced that data for another roughly 20,000 users had leaked through Shopify, and blamed the platform&apos;s support team.<\/p>\n<p>The Ledger developers announced <a href=\"https:\/\/forklog.com\/en\/news\/ledger-to-pay-10-btc-for-information-leading-to-arrests-of-cybercriminals-behind-a-string-of-attacks-and-data-breaches\">a reward of 10 BTC<\/a> for help in locating the cybercriminals responsible for a string of attacks and data leaks.<\/p>\n<p>Subscribe to ForkLog news on <a href=\"https:\/\/twitter.com\/ForkLog\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Twitter<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Wallet owners began receiving phishing messages demanding software updates due to an alleged vulnerability. Similar messages had previously been sent to Ledger users, in an attempt to steal their confidential information.<\/p>\n","protected":false},"author":1,"featured_media":35210,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1154,1340,1640,57],"class_list":["post-35209","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-crimes","tag-exodus","tag-ledger","tag-wallets"],"aioseo_notices":[],"amp_enabled":true,"views":"25","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/35209","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=35209"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/35209\/revisions"}],"predecessor-version":[{"id":35211,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/35209\/revisions\/35211"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/35210"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=35209"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=35209"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=35209"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}