I’m writing to express concern about an active phishing operation targeting cryptocurrency users that continues to operate despite multiple reports.
Site: [REDACTED]
Date Discovered: February 2025
Reports Submitted: as of today 3 (24-2-2025, 26-2-2025, 2-3-2025)
This site impersonates Ledger (the cryptocurrency hardware wallet company) and attempts to steal users’ recovery phrases via text message phishing. The site:
Is newly registered (created February 16, 2025)
Uses Cloudflare protection services
Harvests crypto wallet recovery phrases and sends them to attackers via Telegram
Has been actively sending SMS messages to potential victims (their VIOP-accounts have been suspended)
Despite multiple reports to both Cloudflare and the registrar (Ultahost, Inc.), this dangerous site remains operational, continuing to victimize users.
Cloudflare received your Phishing report regarding: updatewallet-ledger[.]com
Please be aware Cloudflare offers network service solutions including pass-through security services, a content distribution network (CDN) and registrar services. Due to the pass-through nature of our services, our IP addresses appear in WHOIS and DNS records for websites using Cloudflare. Cloudflare cannot remove material from the Internet that is hosted by others.
Rejected URL(s):
[REDACTED]
These URLs are not considered to be in violation of our abuse policy.
We have notified our customer of your report.
We have forwarded your report on to the responsible hosting provider.
You may also direct your report to:
The provider where updatewallet-ledger[.]com is hosted (provided above);
The owner listed in the WHOIS record for updatewallet-ledger[.]com and/or;
The contact listed on the updatewallet-ledger[.]com site.
Note: A lookup of the IP for a Cloudflare customer website will show Cloudflare IPs because we are a pass-through network. The actual website is still hosted at the hosting provider indicated above. If the hosting provider has any questions, please have the hosting provider contact us directly regarding this site. Due to attempted abuse of our complaint reporting process, we will only provide the IP of updatewallet-ledger[.]com to the responsible hosting provider if they contact us directly at [email protected].
Please DO NOT post links to potentially malicious websites in the community forum. No one in the community can address a security concern or access a ticket with Cloudflare Trust and Safety. All you are doing is putting others at risk by posting links to a site you insist is malicious in nature.
I’ve reported this domain multiple times, I’ve even emailed and Cloudflare has done NOTHING to protect the gullible and the good of heart. Cloudflare has protected the scammers with the continuation of their services. And from the moment that I’ve reported my findings to Cloudflare, they where knowingly helping scammers with the continuation of their scam.
I’ve read some blog and the most interesting was the comparison of them with the fire department. In this case Cloudflare can be compared to the Uvalde police, they had all the means to end it very quickly, but there weren’t enough casualties yet.
But hey, even if I were to be banned for life on this community, I’ll sleep a lot better knowing that I’ve done everything in my power to stop people from loosing their hard earned money.
