Dark web vendors distribute fake Ledger wallet pages targeting crypto users

SOCRadar Dark Web Team identified threat actors distributing phishing tools that mimic Ledger hardware wallet interfaces to steal cryptocurrency. These tools include redesigned interfaces, anti-bot protection, and seed phrase capture functionality. The attackers targeted Ledger users specifically and advertised the tools for “educational purposes.” Phishing attacks are a significant threat in 2025, with criminals stealing millions through social engineering tactics. Venus Protocol recently fell victim to a phishing attack, losing $13 million.