Over 1.4M XRP allegedly stolen via fake ‘Ledger Live’ Chrome extension
Over the years, scammers may have pivoted from the world’s largest cryptocurrency, Bitcoin, to other parts of the industry, plaguing inboxes with malware along the way. As the ecosystem has evolved and become better equipped to tackle these frauds, the bad guys have resorted to newer and more obscure ways to exploit loopholes.
In a recent development, ‘xrplorer forensics’ identified a fraudulent Google Chrome extension, posing as ‘Ledger Live’, that collects users’ backup passphrases. In a series of tweets, ‘xrplorer forensics’ revealed that these extensions are advertised in Google searches and use Google Docs to collect data.
It further revealed,
“Accounts are being emptied and we have seen more than 200K XRP being stolen the past month alone. We don’t have figures from other currencies. Don’t EVER download tools for your hardware wallet from other places than the vendor directly. The screenshot shows a POST request from an extension.”
‘xrplorer forensics’ went on to add,
“We were a bit quick to add a 200K XRP figure to this. It is close to 1.4M. Most are still in accounts, what has been cashed out has been so through HitBTC.”
This is not the first time the perps have targeted the XRP community, however. Back in June 2019, Gatehub had revealed in a preliminary statement that funds in XRP Ledger wallets had been compromised.
AMBCrypto had also previously reported on scammers using a fake ‘Ripple Insights’ page, one that made subtle changes to the original page using special characters to give an impression of authenticity. The page in question, however, was filled with fake articles on airdrops and giveaways.
Reports of scammers creating fake live streams of Ripple and XRP in an attempt to defraud people are not new either, and a few of these have even been quite successful in convincing users to send funds to fake projects.
More recently, a YouTube scam account purporting to be that of Ripple CEO Brad Garlinghouse was brought to notice by the co-founder of SPQR, who goes by the name ‘Andy_SPQR’ on Twitter. This scam account had been using a video to promote an XRP airdrop scam. The video description claimed that the airdrop was taking place from 20 March to 25 March.