Hackers are perhaps the villains in the cryptocurrency industry as they continue to look for better ways to steal digital currencies from both traders and exchanges. While there have been few reports about attacks on trading platforms recently, these bad actors have seemingly shifted more focus to new and unsuspecting crypto users.
1.4M XRP Lost To Fake Ledger Extension
Since the start of the year, there have multiply reports from crypto wallet users who lost their funds after using several fake chrome extensions pretending to be from wallet providers like Ledger, Tezor, Metamask, etc.
These fake browser extensions were advertized on Google Search, and once installed, they collect the backup passphrase of the user via Google Doc, which will then be used to empty the victim’s account.
Data gathered by XRPlorer forensics last month suggests that XRP users lost up to 1.4M XRP (currently appr. $262,339) in February to a malicious Ledger extension that appeared on Google search as an ad.
Targetting Major Crypto Brands
As the use of fake browser extensions to scam crypto users continues to increase, MyCrypto, in collaboration with PhishFort, investigated the attacks. MyCrypto is a platform that claims to keep “an eye on the type of attacks that come to cryptocurrency users” daily. PhishFort, on the other hand, is a startup that provides anti-phishing solutions to businesses.
According to the findings, the hackers targetted and created malicious extensions for eight major crypto wallet brands, including Ledger, Trezor, Jaxx, Electrum, MyEtherWallet (MEW), MetaMask, Exodus, and Shapeshift’s KeepKey.
These extensions use a phishing method to collect the secret phrases of users. Without suspecting any foul play, users freely enter their passphrase, and then “the extension sends an HTTP POST request to its backend where the bad actors receive the secrets and empty the accounts,” the report explained.
Some of the extensions had fake 5-star ratings and positive feedback to lure more users into downloading them. MyCrypto and PhishFort said they reported the extensions on Google Webstore and had removed 49 of them within 24 hours.
Ledger Records Many Fake Extensions
The findings suggest that the fake crypto extensions started appearing slowly in the Webstore around February 2020, with just 2.04% of the extensions published. The number grew in March to 34.69%, and within the first two weeks of April, 63.26% were published.
The dataset further revealed that Ledger is the most targeted brand, but there was no clear reason for that. Ledger suffered 57% of the fake extensions, MEW – 22%, Trezor – 8%, Electrum – 4%, KeepKey – 4% and Jaxx – 2%.
The crypto industry has no doubt become the playground for hackers. With these nefarious players always looking out for new ways of attack, cryptocurrency users need to learn how to protect themselves from phishing, cryptojacking, sim swapping, and other forms of security compromises that could lead to loss of data and funds.