Hardware crypto wallets aim to be one of the safest means of storing digital assets; however, the latest incidents show that even they can be vulnerable.
Ledger, the digital asset hardware wallet manufacturer, has been repeatedly attacked over the last few weeks. Users claim that a fake “Ledger Live” Google Chrome application is to blame.
The latest incident was spotted on Reddit a few days ago, when a user reported that over 14,000 Ripple (XRP) worth nearly $2.4k USD had been stolen from her Ledger Nano wallet. She added that she watched her XRP funds being transferred to another account, which currently holds over $2.5 million in XRP coins worth over $14.7 million USD.
The user writes that she only downloaded a Ledger app that looked official and legitimate and even had over 70 positive reviews. According to her, the suspicious activity started when she downloaded the app:
Once you download the Chrome extension, it will ask for the version of Ledger you are using, followed by a screen prompting you to fill in your full set of keywords.
The woman, who also claims to be currently suffering from the coronavirus, said she thoroughly typed in all the keywords, but the app did not appear to work. In less than 10 minutes her XRP account was emptied.
Ledger suffered from more attacks this month
The first warnings about a fake Ledger Live app started to appear at the beginning of March, when the Security Director of the MyCrypto platform discovered a malicious application stealing Ledger wallet recovery seed phrases, which allow hackers to gain access to the victim’s private cryptocurrency keys.
In his interview with the ZDNet portal, he said that the fraudulent extension tries to trick users into thinking that it is the Chrome version of the original Ledger Live app, which would allow users to check their balance or approve transactions through the Chrome browser.
Ledger reacted immediately: its support team issued a phishing alert about the fake Chrome extension, which attempts to steal users’ virtual assets by asking them to enter their 24-word recovery phrase to access their wallet:
🚨PHISHING ALERT🚨
A fake Chrome extension has been found, asking to enter your 24 word recovery phrase
⚠️NEVER share your 24 words
⚠️NEVER enter your 24 words into any internet-connected device
⚠️Ledger will NEVER ask for your 24 words
Read more: https://t.co/QNoSwptn3U https://t.co/QZKMmT6TMf
— Ledger Support (@Ledger_Support) March 5, 2020
Furthermore, the XRP forensic team confirmed last week that the same malicious app collected backup passphrases to empty users’ accounts. The team, which works to prevent fraudulent activity on the XRP Ledger, said in a series of tweets that nearly 1.4 million Ripple coins have been stolen during the last month.
Fake “Ledger Live” Chrome extensions are used to collect user backup passphrases. They are advertised in Google searches and use Google Docs for collecting data. Accounts are being emptied and we have seen more than 200K XRP being stolen the past month alone. @Ledger @Google
— xrplorer.com forensics (@xrpforensics) March 24, 2020
The malicious program, which imitates the official Ledger Live application, currently appears to have been removed from the Chrome Web Store. According to the report, the app may have been installed by nearly 120 users. It was also heavily advertised on Google Ads via the search phrase “Ledger Live”.
Phishing and various other kinds of scams, especially coronavirus scams, have become a serious threat to the blockchain and cryptocurrency industries. The number of cryptocurrency-related scams is continuously growing, reaching over 37 thousand cases within the past year alone and making it the second most risky scam among North Americans.