Phishing kit imitating Ledger Wallet discovered on the dark web
A new phishing kit on the dark web imitates Ledger Wallet, threatening crypto users.
SOCRadar Dark Web Team has uncovered a new phishing kit targeted at Ledger hardware wallets, in an attempt to siphon off cryptocurrency funds from users.
In the new report dated 1 September, the team explained that the phishing kit, allegedly a clone of the Ledger interface, has been gaining popularity in underground cybercriminal forums and file hosting sites in recent days. The fraudulent kit, which claims to be designed for 'educational purposes' only, is being sold under the new brand name 'Ledger Wallet 2025 Smart Scampage Inferno Multichain'.
According to reports, the kit is distinguished by its 'premium appearance' very similar to the legitimate Ledger interface. It is also said to include a redesigned and completely new UI, an aesthetic similar to the Ledger 2025 interface, protection from bots, responsive design for desktop and mobile, and a seed phrase capture feature.
It is the latter feature that is of greatest concern, as it would allow fraudsters to intercept the seed phrases of victims of phishing attacks and thus gain access to their private keys.
SOCRadar researchers pointed out that despite the wording 'for educational purposes only', the kit appears to be intended for malicious and illicit use only. Moreover, being sold through direct messages and organised in darknet marketplaces, "Ledger users could become specific targets of large-scale phishing attacks".
Coinciding with another massive crypto theft worth $13 million
The report comes just days after what is considered a major blow in the crypto industry. A user of Venus Protocol lost nearly $13 million to a phishing attack, after criminals installed a malicious version of Zoom on his computer and thus gained system-wide control.
With this access, the attackers convinced the victim to sign a transaction to make them a valid proxy on Venus. This enabled the fraudsters to borrow funds from the victim's wallet and subsequently redeem these tokens within the Venus protocol.
The Venus team was able to suspend the protocol within 20 minutes and returned the stolen funds to the wallet owner within 13 hours via forced liquidation.
Phishing is the 2nd most expensive attack of 2025
A report by blockchain security company CertiK revealed the alarming scale of phishing attacks as of 30 June 2025. According to the paper, phishing is the second most costly attack vector, with nearly 411 million dollars stolen in 132 attacks.
Although other forms of hacking have yielded larger gains, phishing was found to be responsible for the highest number of attacks.
SOCRadar researchers warn that, with kits of this type directed against hardware wallets considered trustworthy such as Ledger, both new and experienced investors should exercise extreme caution. Indeed, these tools could undermine users' trust in popular security products and encourage cryptocurrency theft on an even more coordinated scale.
North Korean hackers intensify crypto fraud: GhostCall and GhostHire campaigns use AI and the impersonation of Web3 executives to distribute malware, an evolution of the Lazarus Group.
Phishing emails use Booking.com to promote a fake 'Exclusive Crypto Travel Summit' in Dubai, citing Buterin and Armstrong. CoinGecko CEO Bobby Ong and Booking.com confirm the scam.
Record crypto seizure in the UK: $7.3 billion in Bitcoin (61,000 BTC) was confiscated from Chinese citizen Zhimin Qian, who swindled 128,000 people. The figure, equal to the entire existing government reserve, opens a debate on the creation of a UK Bitcoin Reserve.
Two Garcia brothers kidnapped a family in Minnesota and stole $8M in crypto. The case, involving armed threats and coercion, underlines the rise of digital asset crime in the US.
SOCRadar Dark Web Team has uncovered a new phishing kit targeted at Ledger hardware wallets, in an attempt to siphon off cryptocurrency funds from users.
In the new report dated 1 September, the team explained that the phishing kit, allegedly a clone of the Ledger interface, has been gaining popularity in underground cybercriminal forums and file hosting sites in recent days. The fraudulent kit, which claims to be designed for 'educational purposes' only, is being sold under the new brand name 'Ledger Wallet 2025 Smart Scampage Inferno Multichain'.
According to reports, the kit is distinguished by its 'premium appearance' very similar to the legitimate Ledger interface. It is also said to include a redesigned and completely new UI, an aesthetic similar to the Ledger 2025 interface, protection from bots, responsive design for desktop and mobile, and a seed phrase capture feature.
It is the latter feature that is of greatest concern, as it would allow fraudsters to intercept the seed phrases of victims of phishing attacks and thus gain access to their private keys.
SOCRadar researchers pointed out that despite the wording 'for educational purposes only', the kit appears to be intended for malicious and illicit use only. Moreover, being sold through direct messages and organised in darknet marketplaces, "Ledger users could become specific targets of large-scale phishing attacks".
Coinciding with another massive crypto theft worth $13 million
The report comes just days after what is considered a major blow in the crypto industry. A user of Venus Protocol lost nearly $13 million to a phishing attack, after criminals installed a malicious version of Zoom on his computer and thus gained system-wide control.
With this access, the attackers convinced the victim to sign a transaction to make them a valid proxy on Venus. This enabled the fraudsters to borrow funds from the victim's wallet and subsequently redeem these tokens within the Venus protocol.
The Venus team was able to suspend the protocol within 20 minutes and returned the stolen funds to the wallet owner within 13 hours via forced liquidation.
Phishing is the 2nd most expensive attack of 2025
A report by blockchain security company CertiK revealed the alarming scale of phishing attacks as of 30 June 2025. According to the paper, phishing is the second most costly attack vector, with nearly 411 million dollars stolen in 132 attacks.
Although other forms of hacking have yielded larger gains, phishing was found to be responsible for the highest number of attacks.
SOCRadar researchers warn that, with kits of this type directed against hardware wallets considered trustworthy such as Ledger, both new and experienced investors should exercise extreme caution. Indeed, these tools could undermine users' trust in popular security products and encourage cryptocurrency theft on an even more coordinated scale.
Read Next
Evolved North Korean Hackers: New Danger Level for the Crypto Sector
North Korean hackers intensify crypto fraud: GhostCall and GhostHire campaigns use AI and the impersonation of Web3 executives to distribute malware, an evolution of the Lazarus Group.
Crypto Scam Alert: Fake Booking.com and Coinbase Partnership for Summit in Dubai
Phishing emails use Booking.com to promote a fake 'Exclusive Crypto Travel Summit' in Dubai, citing Buterin and Armstrong. CoinGecko CEO Bobby Ong and Booking.com confirm the scam.
$7.3 Billion in Bitcoin Stolen from a Chinese Fraudster
Record crypto seizure in the UK: $7.3 billion in Bitcoin (61,000 BTC) was confiscated from Chinese citizen Zhimin Qian, who swindled 128,000 people. The figure, equal to the entire existing government reserve, opens a debate on the creation of a UK Bitcoin Reserve.
Digital Horror in Minnesota: Brothers Kidnap Family to Steal $8 Million in Crypto.
Two Garcia brothers kidnapped a family in Minnesota and stole $8M in crypto. The case, involving armed threats and coercion, underlines the rise of digital asset crime in the US.