What are the subjects of the phishing (domains, URLs or IPs)?
https://eng-ldgrlive.zapier.app/live-app
What are the impersonated domains?
https://www.ledger.com
https://www.ledger.com/ledger-live
Where or how did you discover this phishing?
I discovered this phishing campaign while monitoring crypto-related phishing infrastructure abusing free hosting providers such as Zapier and WixStudio.
The phishing pages imitate Ledger Live and attempt to trick users into entering wallet recovery phrases or credentials by impersonating the official Ledger platform.
Do you have a screenshot?
Screenshot
Related external source
Additional Information or Context
These phishing domains appear to be part of an ongoing cryptocurrency phishing campaign abusing trusted cloud hosting providers to evade detection and takedown efforts.
The infrastructure imitates Ledger Live branding and uses deceptive naming patterns such as “ldgrlive” to target Ledger users and steal wallet recovery phrases or credentials.
The domains should be proactively blocklisted to prevent further cryptocurrency theft and user compromise.
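A triage check for the naming pattern this report describes, as an added example that is not part of the original report: it flags subdomains on a shared hosting suffix whose vowel-stripped form contains the brand's consonant skeleton ("ledger" becomes "ldgr"). The function names, the vowel-stripping heuristic and every sample host other than the two taken from the report are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

OFFICIAL = {"ledger.com"}        # impersonated domain, from the report
SHARED_HOSTS = {"zapier.app"}    # hosting suffix, from the report; extend as needed
BRAND = "ledger"


def skeleton(text):
    """Lowercase, then drop vowels and every non-letter: 'l3dger' -> 'ldgr'."""
    return re.sub(r"[^a-z]|[aeiou]", "", text.lower())


def hostname(url_or_host):
    """Accept a full URL or a bare host and return the lowercase hostname."""
    raw = url_or_host if "//" in url_or_host else "//" + url_or_host
    return (urlsplit(raw).hostname or "").rstrip(".")


def under(host, domains):
    """Return the entry of `domains` that `host` equals or is a subdomain of."""
    return next((d for d in domains if host == d or host.endswith("." + d)), None)


def classify(url_or_host):
    """Return a finding dict for a brand lookalike on shared hosting, else None."""
    host = hostname(url_or_host)
    if not host or under(host, OFFICIAL):
        return None                      # the real brand domain is never flagged
    parent = under(host, SHARED_HOSTS)
    if parent is None or host == parent:
        return None                      # out of scope for this check
    sub = host[: -len(parent) - 1]       # e.g. 'eng-ldgrlive'
    if skeleton(BRAND) in skeleton(sub):
        return {"host": host, "platform": parent, "label": sub}
    return None


def scan(candidates):
    """Return the hosts that should go to manual review or a blocklist."""
    return [f["host"] for f in map(classify, candidates) if f]


SAMPLES = [
    "https://eng-ldgrlive.zapier.app/live-app",  # from the report
    "https://www.ledger.com/ledger-live",        # from the report (official)
    "l3dger-support.zapier.app",                 # constructed: digit for vowel
    "ledger.com.zapier.app",                     # constructed: brand as subdomain
    "https://team-dashboard.zapier.app/",        # constructed: unrelated tenant
]
```

Because the match is on a consonant skeleton, unrelated words with the same consonants in order (for example "lodger") will also be flagged, so treat the output as candidates for review rather than as a final verdict.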