Fake Ledger Chrome Extension Crypto Scam May Have Stolen Up to $2.5M

A Reddit user who was victimized by a scam Ledger wallet saw her funds sent to a $2.5M XRP whale.

A fraudulent cryptocurrency wallet masquerading as legitimate Google Chrome extensions may be responsible for a scam operation that may have claimed as much as $2.5 million in XRP, according to a report from a Reddit user who claims to have lost roughly $2,500 in XRP to the scam extension over the weekend.

In the post, which was made on March 28, Reddit user ‘Leannekera,’ who also claims to be infected with the coronavirus, wrote that she felt “so embarrassed” after she “watched our xrp transfer from our account to an account that is currently holding over $2.5 million in xrp.”

The balance of the “whale” that the stolen XRP was transferred to. Source: XRPCharts, Reddit.

“This is clearly a large operation,” she wrote.

And indeed, this may be the case–Ledger’s Twitter account warned users of fraudulent Chrome Extensions on March 5.

As of March 24, researchers at xrplorer forensics estimated that one such fraudulent Ledger extension had made off with 1.4 million XRP (worth $235,775 at press time) in March alone.

Leannekera’s story

Leannekera said that sick, and in the isolation of quarantine, she made the decision to consolidate her cryptocurrencies into Bitcoin as “money is tight,” and she believed that the consolidation would “recoup around 20%” of her and her husband’s losses.

“I recalled the Ledger having a Chrome extension and this is when the scam starts,” she wrote.

The scam was particularly malicious because of steps that hackers may have taken to make it appear to be legitimate: “the only ledger extension on the Chrome store is one by the name of ‘Ledger Wallet’ or ‘Ledger Live,’” she wrote.

“It claims to be from Ledger.com ® or Ledger Official ® and for all intents and purposes looks legitimate. It even had over 70 positive 4-5 star reviews, ranging from ‘Its a little difficult to operate’ to ‘once I understood what to do it was easy.’”

However, the extension then prompted her to enter her wallets’ proprietary seed phrase, which allowed the hackers to take ownership of its private keys and send the XRP to their own wallet.

“The entire process took less than 8 minutes,” she said.

While the exact Chrome Extension she allegedly used is no longer online, Leannekera said that she had “seen it re-uploaded this morning” at the time of the post. Both of the links that she supplied to the alleged scam wallets were dead ends, seeming to indicate that they had been removed from the Chrome Web Store.

However, searching the web store revealed that there is a Ledger Wallet extension still live on the platform, and there are a number of reviews that say that it is a scam. Finance Magnates reached out to Ledger to confirm whether or not the app is associated with the company, but did not immediately hear back. This article will be updated when a response is received.

Source: Google Chrome Web Store, 30.03.2020

Unfortunately, fraudulent Chrome Extensions are nothing new to the world of cryptocurrency. In May of last year, a fake Chrome extension targeting Trezor users was discovered by ESET antivirus researchers.

Got a news tip? Let Us Know