Phishing attempts and scams against Ledger wallet owners are on the rise, with one of these frauds collecting more than 1,150,000 XRP from its victims.
The scam used a phishing email that directed users to a fake version of the Ledger website whose URL contained a homoglyph, in this case a character that resembled the letter “e” but was not one. On the fake site, victims were tricked into downloading malware posing as a security update, which drained the balance from their Ledger wallet.
I got a txt message last night with my full name saying registry security warning … to download the security update. I canceled it instantly
– Kris Leslie (@Krissy1097) November 2, 2020
According to community-run fraud detection site xrplorer, the XRP collected by the scam was sent to Bittrex through five deposits, but the exchange was “unable to seize [the XRP] in time.”
In one such ongoing scam, a phishing email that appears to be sent by the official account for “Team Ripple” appeals to Ledger users by offering an XRP giveaway to “authorized addresses” as part of a “Community Support Program”. The registration process involves handing over the Ledger seed phrase or cryptographic private key to qualify for the nonexistent program.
In an email to customers sent on July 29 this year, Ledger acknowledged that it was the victim of a data breach in which nearly a million email addresses were compromised, along with the personal details of a subset of 9,500 customers. Although the vulnerability on Ledger’s website that led to the leak was quickly fixed, the damage had already been done, and it appears that scammers are coming up with creative ways to use the addresses to trick Ledger users into giving up their coins.
The idea of phishing cryptographic credentials via URLs containing homoglyphs is not new, and scams employing this tactic have targeted XRP owners throughout the year, even before the email leak.
In 2018, scammers created a fake Binance site, complete with an SSL certificate. However, eagle-eyed users noticed that the “n” had been replaced with a version that included an underdot (ṇ).
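The homoglyph trick described above (a look-alike “e” in the fake Ledger URL, an underdotted “ṇ” in the fake Binance one) can be caught by folding each hostname label to the ASCII string a reader perceives and comparing it with the real brand name. The following Python sketch is an added example, not code from Ledger, Binance or xrplorer; the brand list, the small look-alike map and the sample `.example` URLs are assumptions constructed for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Brand names to protect; both are named in the article.
PROTECTED = {"ledger", "binance"}

# Constructed, deliberately small Cyrillic-to-Latin look-alike map. A production
# check would load the full Unicode confusables data (UTS #39) instead.
CONFUSABLES = {"\u0435": "e", "\u0430": "a", "\u043e": "o",
               "\u0456": "i", "\u0441": "c", "\u0440": "p"}

def decode_label(label):
    """Return the Unicode form of one DNS label, decoding punycode (xn--)."""
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except ValueError:  # UnicodeError is a ValueError subclass
            return label    # malformed punycode: keep the raw label
    return label

def skeleton(label):
    """Fold a label to the plain-ASCII string a reader is likely to perceive."""
    out = []
    for ch in unicodedata.normalize("NFKD", label):
        if unicodedata.combining(ch):
            continue  # drop marks such as the underdot (U+0323)
        out.append(CONFUSABLES.get(ch, ch))
    return "".join(out).lower()

def check_url(url):
    """Return ("homoglyph", brand) if a hostname label only looks like a
    protected brand, else ("ok", None)."""
    host = urlsplit(url).hostname or ""
    for raw in host.split("."):
        label = decode_label(raw)
        folded = skeleton(label)
        if folded in PROTECTED and label != folded:
            return ("homoglyph", folded)
    return ("ok", None)

if __name__ == "__main__":
    # Constructed sample URLs on the reserved .example TLD.
    for url in ("https://www.ledger.example/",
                "https://l\u1eb9dger.example/update",
                "https://www.bi\u1e47ance.example/login"):
        print(url, check_url(url))
```

The same check works on the punycode (`xn--`) form that mail gateways and proxy logs usually record, because each label is decoded before it is folded.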
In March, the creators of a fake Google Chrome extension for Ledger managed to steal 1.4 million XRP in less than a month.