The article details a 'Stellar Staking Marathon' email-phishing scam targeting Stellar (XLM) users, linked to the 2020 Ledger.com database breach that exposed over 1 million emails and personal data of 270,000 individuals. Stellarscam.report connects this to memo-phishing bots on the Stellar Network, noting pattern changes coinciding with the breach. Users are urged to check haveibeenpwned.com and report scams.
A phishing campaign pretending to offer Stellar staking rewards began on June 25, 2020, targeting XLM holders via spoofed emails, coinciding exactly with the exploitation of Ledger's database breach that leaked customer emails and details. Stellarscam.report's analysis of over 40 victim reports shows all had Ledger wallets or registered emails on Ledger.com. Memo-phishing bot activity on Stellar dropped as email scams rose, with stolen funds traced to the same actors. Ledger confirmed API key compromise led to the breach, similar to a later SDF email incident. Over 1 million XLM stolen; victims advised to verify exposure on haveibeenpwned.com and report to stellarscam.report.
