Ledger has turned to X to expose the tactics of scammers targeting cryptocurrency users through a scheme known as “address poisoning”.
Address poisoning involves scammers “poisoning” a user’s wallet by sending a small amount of cryptocurrency or an NFT disguised as a voucher. Their goal is to deceive users into copying the scammer’s wallet address from their transaction history and returning the voucher, which will result in funds being sent to the scam account instead of a legitimate one.
Ledger tweeted, “These fake transactions are designed to make you believe that you previously sent funds to their address – but unless you initiate a transaction to one of these addresses on your own and sign the transaction with your Ledger, no value will actually be transferred from your account.”
Scammers have been using open-source software to generate addresses that resemble Ledger addresses, creating addresses with similar first and last characters to trick users into sending them assets.
This scam has been particularly widespread among users of Ledger Live, a cryptocurrency wallet management tool.
To avoid falling victim to the scam, it is important to ignore any concerns about a compromised wallet or suspicious transactions on an account. Clicking on or following a link in a malicious NFT is not enough to put a wallet at risk. The only potential risks include sharing or typing out a 24-word recovery phrase or signing a malicious transaction with a Ledger device.
It is best to refrain from interacting with any unwanted tokens or addresses. Ledger recommends that users right-click and ‘hide’ the token to remove it from view.
In general, it is important to be cautious of malicious links in a wallet that could lead to scam websites attempting to deceive users into sharing sensitive information or authorizing harmful transactions.