The SOCRadar Dark Web Team has uncovered a new phishing kit targeting Ledger hardware wallets, designed to siphon off cryptocurrency funds from users.
In the new report dated 1 September, the team explained that the phishing kit, allegedly a clone of the Ledger interface, has been gaining popularity in underground cybercriminal forums and file hosting sites in recent days. The fraudulent kit, which claims to be designed for 'educational purposes' only, is being sold under the new brand name 'Ledger Wallet 2025 Smart Scampage Inferno Multichain'.
According to reports, the kit is distinguished by its 'premium appearance', which closely resembles the legitimate Ledger interface. It is also said to include a redesigned and completely new UI, an aesthetic similar to the Ledger 2025 interface, protection from bots, responsive design for desktop and mobile, and a seed phrase capture feature.
It is the last of these features that is of greatest concern, as it would allow fraudsters to intercept the seed phrases of victims of phishing attacks and thus gain access to their private keys.
SOCRadar researchers pointed out that despite the wording 'for educational purposes only', the kit appears to be intended for malicious and illicit use only. Moreover, because the kit is sold through direct messages and organised in darknet marketplaces, "Ledger users could become specific targets of large-scale phishing attacks".
Coinciding with another massive crypto theft worth $13 million
The report comes just days after what is considered a major blow to the crypto industry. A user of Venus Protocol lost nearly $13 million to a phishing attack, after criminals installed a malicious version of Zoom on his computer and thus gained system-wide control.
With this access, the attackers convinced the victim to sign a transaction to make them a valid proxy on Venus. This enabled the fraudsters to borrow funds from the victim's wallet and subsequently redeem these tokens within the Venus protocol.
The Venus team was able to suspend the protocol within 20 minutes and returned the stolen funds to the wallet owner within 13 hours via forced liquidation.
Phishing is the 2nd most expensive attack of 2025
A report by blockchain security company CertiK revealed the alarming scale of phishing attacks as of 30 June 2025. According to the paper, phishing is the second most costly attack vector, with nearly 411 million dollars stolen in 132 attacks.
Although other forms of hacking have yielded larger gains, phishing was found to be responsible for the highest number of attacks.
SOCRadar researchers warn that, with kits of this type directed against hardware wallets that are considered trustworthy, such as Ledger, both new and experienced investors should exercise extreme caution. Indeed, these tools could undermine users' trust in popular security products and encourage cryptocurrency theft on an even more coordinated scale.