The crypto industry is unfortunately plagued by a plethora of malicious activity. Whether it’s phishing attacks that scam victims, or hacks that steal large sums of money, or bots that aim to steer the market in favor of certain token holders, crypto users must always beware.
Now, Ledger, a company that offers hardware and cold crypto wallets to customers, warns crypto users about a new scam. Some users have been receiving invitations to redeem “Free NFTs” which can allegedly be redeemed on third-party websites.
According to the company’s blog , “You may receive unsolicited NFT airdrops that appear to be vouchers, promising free money if redeemed on a third-party website. These NFTs often contain links to external sites.”
Ledger warns that these supposed vouchers are actually scams that aim to lead victims to third-party websites and eventually drain their crypto wallets.
The blog also details how the scam works. If a victim lands on one of those websites, it will prompt them to enter their 24-word recovery phrase.
The phrase acts as a key for all accounts held by a user. As a result, if a victim gives the phrase to a scammer, the scammer is likely to empty all crypto assets from the victim’s account.
For that reason, Ledger advises users to never give out their 24-word recovery phrases or else they may lose all digital assets associated with their accounts. Moreover, users should not interact “with links or websites associated with the NFT. Also, users should not send the NFT to other accounts or burner addresses, since doing so “requires interaction with the NFT’s underlying smart contract, which could be malicious.”
Finally, users should “Simply hide the NFT in Ledger Live by right-clicking on the NFT then select Hide NFT Collection.”
Thankfully, just going to a harmful website won’t make a user lose their crypto assets. The only way a user might put their wallets at risk is by entering their 24-word recovery phrase or agreeing to a bad contract.
Ledger advises users who sign contracts suspected to be malicious to “immediately revoke all permissions” associated with their accounts. They should also contact customer service to make sure their assets are safe.