A fraudulent cryptocurrency wallet masquerading as a legitimate Google Chrome extension may be responsible for a scam operation that may have claimed as much as $2.5 million in XRP, according to a report from a Reddit user who claims to have lost roughly $2,500 in XRP to the scam extension over the weekend.
In the post, which was made on March 28, Reddit user ‘Leannekera,’ who also claims to be infected with the coronavirus, wrote that she felt “so embarrassed” after she “watched our xrp transfer from our account to an account that is currently holding over $2.5 million in xrp.”
“This is clearly a large operation,” she wrote.
And indeed, this may be the case: Ledger’s Twitter account warned users of fraudulent Chrome extensions on March 5.
A fake Chrome extension has been found, asking to enter your 24 word recover phrase
⚠️NEVER share your 24 words
⚠️NEVER enter your 24 words into any internet-connected device
⚠️Ledger will NEVER ask for your 24 words
— Ledger Support (@Ledger_Support) March 5, 2020
As of March 24, researchers at xrplorer forensics estimated that one such fraudulent Ledger extension had made off with 1.4 million XRP (worth $235,775 at press time) in March alone.
Fake “Ledger Live” chrome extensions are used to collect user backup passphrases. They are advertised in Google searches and use Google Docs for collecting data. Accounts are being emptied and we have seen more than 200K XRP being stolen the past month alone. @Ledger @Google
— xrplorer.com forensics (@xrpforensics) March 24, 2020
Leannekera said that, while sick and in the isolation of quarantine, she made the decision to consolidate her cryptocurrencies into Bitcoin as “money is tight,” and she believed that the consolidation would “recoup around 20%” of her and her husband’s losses.
“I recalled the Ledger having a Chrome extension and this is when the scam starts,” she wrote.
The scam was particularly malicious because of steps that hackers may have taken to make it appear to be legitimate: “the only ledger extension on the Chrome store is one by the name of ‘Ledger Wallet’ or ‘Ledger Live,’” she wrote.
“It claims to be from Ledger.com ® or Ledger Official ® and for all intents and purposes looks legitimate. It even had over 70 positive 4-5 star reviews, ranging from ‘Its a little difficult to operate’ to ‘once I understood what to do it was easy.’”
However, the extension then prompted her to enter her wallet’s seed phrase, which allowed the hackers to take control of its private keys and send the XRP to their own wallet.
“The entire process took less than 8 minutes,” she said.
While the exact Chrome Extension she allegedly used is no longer online, Leannekera said that she had “seen it re-uploaded this morning” at the time of the post. Both of the links that she supplied to the alleged scam wallets were dead ends, seeming to indicate that they had been removed from the Chrome Web Store.
However, searching the web store revealed that there is a Ledger Wallet extension still live on the platform, and there are a number of reviews that say that it is a scam. Finance Magnates reached out to Ledger to confirm whether or not the app is associated with the company, but did not immediately hear back. This article will be updated when a response is received.
Unfortunately, fraudulent Chrome Extensions are nothing new to the world of cryptocurrency. In May of last year, a fake Chrome extension targeting Trezor users was discovered by ESET antivirus researchers.