Scam Name: Ledger Live Kit Phishing Scam
Calculated Amount Lost: $11,648 USD
Scam URL: ledgerlivekit.web.app

Victim Description:
The victim lost $11,648 USD through a phishing scam where they were tricked into providing their 24-word passphrase for their Ledger cold wallet. This scam involved a fake website (ledgerlivekit.web.app) that impersonated the legitimate Ledger Live application to steal the victim’s private information and access their cryptocurrency holdings.

Scam Tactics:
Phishing Website:
The victim was directed to a fraudulent website, ledgerlivekit.web.app, which mimicked the legitimate Ledger Live platform used to manage Ledger hardware wallets. Phishing websites often use similar URLs and designs to deceive users into believing they are interacting with an official site.
Exposing Private Information:
The victim was tricked into entering their 24-word passphrase (also known as a seed phrase), which is a crucial piece of information that provides full access to their cryptocurrency holdings. Once the scammers obtained this passphrase, they gained control of the victim’s Ledger wallet.
Stolen Funds:
After the passphrase was provided, the scammers had full access to the victim’s wallet and stole $11,648 USD worth of cryptocurrency.
Transaction IDs:
The victim has transaction IDs for the stolen cryptocurrency, which can help trace the movement of funds on the blockchain. However, recovery is difficult once the funds have been transferred to scammer-controlled wallets.

Scammer’s Addresses:
Receiving Wallet Addresses:
- rNFugeoj3ZN8Wv6xhuLegUBBPXKCyWLRkB
- 0xd557fCB4374856fb3706A07eD258A33d5743F690
- 0xee8AA17bAfA0391CF39F0C47A8448DA948bbBE12

Wallet Information Involved in the Scam:
The victim’s Ledger wallet was compromised when they provided their passphrase to the scam website, allowing the scammers to transfer the stolen funds to the addresses listed above.

Domain Information:
The phishing website ledgerlivekit.web.app operates under the web.app domain, which is registered through MarkMonitor Inc. The domain was created on January 8, 2019, and is set to expire on January 8, 2025. The domain status is clientDeleteProhibited, clientTransferProhibited, and clientUpdateProhibited, making it more difficult for third parties to take control of the domain. The name servers associated with the domain are standard Google-managed servers, often used by websites hosted on Google’s infrastructure. These registration details describe the shared parent domain web.app, not the ledgerlivekit subdomain itself, so they do not identify whoever operates the phishing page.

Domain: web.app
Registrar: MarkMonitor Inc.
Registered On: 2019-01-08
Expires On: 2025-01-08
Updated On: 2023-12-12
Status: clientDeleteProhibited, clientTransferProhibited, clientUpdateProhibited
Name Servers: ns1.googledomains.com, ns2.googledomains.com, ns3.googledomains.com, ns4.googledomains.com

Recommendations:
Report the Scam:
The victim should immediately report the incident to Ledger Support and other relevant authorities like the Federal Trade Commission (FTC) or the Internet Crime Complaint Center (IC3). Providing the scam URL and transaction IDs will help authorities track the scam and potentially prevent further victims.
Blockchain Tracking:
The victim has the transaction IDs of the stolen cryptocurrency, which should be used to track the movement of funds on the blockchain. Using blockchain explorers like Etherscan (for Ethereum-based transactions) or Blockchair, they can trace where the stolen funds were sent. However, funds may be moved through multiple addresses, making it difficult to recover them.
Consult Legal Counsel:
Given the size of the financial loss, the victim should consider consulting a legal professional experienced in cryptocurrency fraud. While recovering funds directly from scammers is challenging, legal professionals may advise on any available options, such as filing a lawsuit or contacting crypto exchanges that may have processed the stolen funds.
Avoid Providing Private Information:
In the future, the victim should ensure that they never share their 24-word passphrase or private keys with anyone, including on websites that appear legitimate. This passphrase is the key to their wallet, and anyone with it can steal their funds.
Strengthen Security:
The victim should enable two-factor authentication (2FA) on all accounts related to cryptocurrency trading or wallets. They should also reset their Ledger wallet and generate a new passphrase if they are unsure about its security.
Alert the Public:
The victim should report the scam to social media, scam reporting websites, and cryptocurrency forums. This can help spread awareness and prevent others from falling into the same trap.
Blacklist the Website:
The victim should report the fraudulent website ledgerlivekit.web.app to Google Safe Browsing, PhishTank, and other phishing detection platforms. This will help prevent other users from visiting the phishing site.
Monitor Accounts for Suspicious Activity:
The victim should continuously monitor their cryptocurrency and banking accounts for any unusual activity. If the scammer attempts further communication or unauthorized transactions, the victim should report it immediately to the authorities.

Conclusion:
The victim lost $11,648 USD through a phishing scam on ledgerlivekit.web.app, where they were tricked into providing their 24-word passphrase for their Ledger cold wallet. After gaining access to the wallet, the scammers stole the funds and transferred them to multiple addresses. The victim should report the scam to authorities, track the transactions on the blockchain, and consider seeking legal counsel to explore options for recovery.
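
The check below is an added example, not part of the original report: it shows how a defender could flag a brand-bearing host such as ledgerlivekit.web.app and record that WHOIS data for a shared hosting suffix says nothing about the site operator. The official domain ledger.com, the suffixes other than web.app, and the name `assess_url` are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# web.app comes from the report; the other shared-hosting suffixes are
# assumptions added for illustration. Each subdomain is a separate tenant.
SHARED_HOSTING_SUFFIXES = ("web.app", "firebaseapp.com", "github.io", "pages.dev")
# Assumption: the domains an organisation treats as official for the brand.
OFFICIAL_DOMAINS = ("ledger.com",)
BRAND_KEYWORDS = ("ledger",)


def _under(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def assess_url(url):
    """Classify a URL a user is about to trust with wallet credentials."""
    # Reports often quote hosts without a scheme; add one so the host parses.
    if "://" not in url:
        url = "https://" + url
    # .hostname drops userinfo and port, so a "brand.com@other-host" URL
    # resolves to the host the browser would actually contact.
    host = (urlsplit(url).hostname or "").rstrip(".").lower()

    official = any(_under(host, d) for d in OFFICIAL_DOMAINS)
    suffix = next((s for s in SHARED_HOSTING_SUFFIXES if host.endswith("." + s)), None)
    tenant = host[: -(len(suffix) + 1)] if suffix else None
    brand_hit = any(k in host for k in BRAND_KEYWORDS)

    if official:
        verdict = "official"
    elif brand_hit:
        verdict = "impersonation-suspect"
    else:
        verdict = "unrelated"
    return {
        "host": host,
        "verdict": verdict,
        "shared_suffix": suffix,
        "tenant": tenant,
        # On a shared suffix, WHOIS for the registrable domain describes the
        # hosting provider, not whoever published the page.
        "whois_describes_operator": suffix is None,
    }
```

For a shared-suffix hit, the abuse report goes to the hosting provider with the full subdomain, since the parent domain's registrar record will not change.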