Phishing attempts and scams against Ledger wallet owners are on the increase with one such scam netting more than 1,150,000 XRP from its victims.
The scam used a phishing email that directed users to a fake version of the Ledger website that substituted a homoglyph in the URL — in this case a letter that looked like the letter ‘e’ but wasn’t. On the fake site, victims were fooled into downloading malware posing as a security update which drained the balance from their Ledger wallet.
I got a txt message last night with my full name saying ledger security alert….to download the security update. Deleted it instantly
— Kris Leslie (@Krissy1097) November 2, 2020
According to community run fraud awareness site xrplorer, the XRP collected from the scam was sent to Bittrex across five deposits, but the exchange was “unable to seize [the XRP] in time.”
In a similar ongoing scam, a phishing email that appears to be sent from the official account for “Team Ripple” appeals to Ledger users by offering an XRP giveaway to “whitelisted addresses” as part of a “Community Support Program.” The registration process involves handing over your Ledger seed phrase or crypto private key in order to qualify for the non-existent program.
In an email to customers sent on Jul. 29th of this year, Ledger acknowledged that it had been the victim of a data breach in which close to a million email addresses were compromised, along with the personal details of a subset of 9,500 customers. Although the vulnerability leading to the leak on the Ledger website was quickly patched, the damage had already been done, and scammers appear to be coming up with creative ways to use the addresses to trick Ledger users into giving up their coins.
The idea of crypto credential phishing via homoglyph-containing URLs is not new and scams employing this tactic have been targeting XRP holders across the course of the entire year, even before the email leak.
In 2018, scammers set up a fake Binance site, complete with an SSL certificate. However eagle eyed users noticed the ‘n’ had been replaced with a version that included an underdot (ṇ).
In March, creators of a fake Google Chrome extension for Ledger managed to steal 1.4 million XRP in less than a month.