Skip to main content

Posts

Showing posts with the label automated static analysis

A Practical Analysis of the Ledger Phishing Email

Attempts at phishing and social ngineering attacks have increased exponentially as of late, especially towards users who are active in the cryptocurrency space. Recently, there has been much discussion about a cunning attempt by phishers against Ledger and its users. In this article, we’ll dissect: How Ledger devices secure your Bitcoin and other cryptocurrencies What makes it, and other hardware wallets, vulnerable to phishing attacks Exactly how this phishing attack was executed, from spoofing the email to obtaining the assets The mechanisms attackers used to entice victims to install a fake client update How the client worked, from high-level concept to the internals of the Electron App What made it all possible: Where the attackers obtained the data, and the lackluster disclosure A note of caution: Never share the seed or private keys of your wallet! Starting from the beginning Before proceeding into a deeper analysis of the situation, it is appropriate t...