According to Cointelegraph, a new wave of scam emails is targeting Ledger users, attempting to steal their cryptocurrency holdings. These emails aim to convince users to activate a so-called security feature, 'Ledger Clear Signing,' by October 31 to continue using their Ledger device. The emails, sent from addresses not associated with Ledger, direct users to a malicious link to activate the fake security feature. The phishing email states that activating Clear Signing is mandatory starting November 1, 2024, to protect assets from phishing attacks and fraudulent activities.

Phishing scams deceive users into willingly sharing their account details with scammers. Crypto users should avoid clicking suspicious links or providing any personal information to unknown sources. Cointelegraph has approached Ledger for comment. Phishing attacks are becoming increasingly common in the crypto space. In May, a trader lost $71 million worth of crypto in the year’s most high-profile phishing attack. The attacker tricked the trader into sending 99% of their funds to the attacker’s address.

Ledger’s hardware wallets are among the most popular in the industry, making its users prime targets for scammers. However, the current wave of emails is a 'very clean Ledger scam,' according to Thomas Roccia, senior threat researcher at Microsoft. Roccia noted that the scam link redirects users to a URL that is completely unrelated to Ledger. Despite their unsophisticated nature, phishing attacks are a growing concern in crypto. Phishing attacks stole approximately $46 million in September from around 10,800 victims, according to the on-chain security firm Scam Sniffer. The biggest loss was reported on September 28, when a phishing attack using a permit phishing signature drained 12,083 spWETH worth $32.43 million.

In August, crypto phishing attacks surged by over 215%, with $66 million worth of digital assets stolen from around 9,145 victims. The majority of the stolen value in August was attributed to a single large-scale phishing attack worth $55 million. On August 20, an unfortunate crypto holder signed a transaction that changed the ownership of 55.47 million Dai (DAI) in the decentralized finance protocol Maker.