Cybercriminals have launched a phishing campaign targeting users of Ledger hardware cryptocurrency wallets. The scam, which began on December 15, 2024, involves sending emails that appear to come from Ledger's official support address. These emails falsely claim that a data breach has occurred and urge users to verify their recovery phrases on a counterfeit website hosted on Amazon AWS infrastructure. The phishing emails use a domain registered on the same day the scam started. The attackers aim to steal users' recovery phrases, which can be used to access and steal cryptocurrency from the affected wallets.