A fraudulent Ledger Chrome extension scam may have stolen up to $2.5 million in cryptocurrency.
As previously reported by CryptoGlobe, the fake browser extension masquerades as an official add-on for cryptocurrency hardware wallet manufacturer Ledger. Users are asked to input their 24-word seed, which allows scammers access to the wallet’s contents.
Ledger published a warning to users earlier in the month to avoid the unofficial application,
A fake Chrome extension has been found, asking to enter your 24 word recover phrase
⚠️NEVER share your 24 words
⚠️NEVER enter your 24 words into any internet-connected device
⚠️Ledger will NEVER ask for your 24 words
— Ledger Support (@Ledger_Support) March 5, 2020
A new report by FinanceMagnates claims the application may have stolen up to $2.5 million in cryptocurrency from unsuspecting victims. The report cites Reddit user u/leannekera detailing their experience with the fraudulent application after losing 14,889 XRP ($2500).
The post reads,
I have watched our xrp transfer from our account to an account that is currently holding over $2.5 million in xrp. This is clearly a large operation.
The Reddit user provided wallet addresses to their account and the scammer, which show more than 15.3 million XRP ($2.5 million).
While the fake extension was removed from the Chrome Web Store, u/leannekera claims to have seen it re-uploaded.
Researchers at XRPlorer Forensics estimated that a version of the Ledger scam had stolen more than 200K XRP in March alone.
Fake “Ledger Live” chrome extensions are used to collect user backup passphrases. They are advertised in Google searches and use Google Docs for collecting data. Accounts are being emptied and we have seen more than 200K XRP being stolen the past month alone.@Ledger @Google
— xrplorer.com forensics (@xrpforensics) March 24, 2020
Featured Image Credit: Photo via Pixabay.com