LEDGER LIVE

DESCRIPTION OF EVENTS

"Based in France, Ledger is the largest cryptocurrency hardware wallet company." "Ledger is a hardware cryptocurrency wallet that is used to store, manage, and sell cryptocurrency. The funds held in these wallets are secured using a 24-word recovery phrase and an optional secret passphrase that only the owner knows."

"Ledger offers two products, the Nano S and Nano X, that can store the digital keys used to secure crypto wallets. The devices can be used with a variety of cryptocurrencies, are compatible with numerous apps, and are supposed to offer a safe way to manage crypto without compromising too much on convenience. Ledger says on its website that it has sold 1.5 million products to customers in 165 countries to date."

"Ledger Live’s backed up by the most trusted hardware wallet available. Our wallets are independently certified and designed to resist sophisticated cyber attacks. So you’re in full control."

"Since the introduction of the Chrome Web Store in 2011, it has become the largest catalog of browser extensions with over 200,000 available to all of our users. This has helped millions of users to customize their browsing experience on Chrome in ways we could have never imagined, from niche utilities to companies building businesses around the platform’s capabilities."

"I’m self isolated as I am one of the many victims of Covid-19. I’m confined to a room in our house while my husband who is a key worker, continues to leave for work each day during the UK’s first lockdown. He’s an absolute hero, but I desperately wish our circumstances where different. I desperately wish I could just hug him."

"I have little but a laptop to keep me sane during the day at the minute, so I am frequenting Reddit often and keeping an eye on the crypto markets. Due to the situation right now money is tight, however I had worked out that by consolidating a few of our other crypto I would be able to recoup around 20% of our losses to help."

"We have our xrp stored in an offline Ledger Nano. The keywords are stored in a separate location and I knew never to divulge them to a 3rd party. Why I ended up doing just that, I can’t explain or understand. I can only put it down to the constant fever brought on by the virus. Believe me guys, this isn’t like flu!"

"So… I begin the day by selling a load of our other crypto currency for bitcoin, sold some to help us and I then consolidate the remaining into xrp. I then load up our Ledger. It’s been a while since I last accessed our Ledger (2018), and have since changed my computer. I recalled the Ledger having a Chrome extension and this is when the scam starts."

"The only ledger extension on the Chrome store is one by the name of “Ledger Wallet” or “Ledger Live”. It claims to be from Ledger.com ® or Ledger Official ® and for all intents and purposes looks legitimate. It even had over 70 positive 4-5 star reviews, ranging from “Its a little difficult to operate” to “once I understood what to do it was easy”."

"Once you download the Chrome extension, it will ask for the version of Ledger you are using, followed by a screen prompting you to fill in your full set of keywords."

"I sat there typing each keyword out, double checking each one and not once did I think that this app wasn’t legitimate. I feel so very stupid."

"The app didn’t appear to work, so I downloaded a trusted wallet instead. I thought nothing of it and continued. At this point our Ledger contained 14,908 xrp. My husband and I had built this up as our nest egg since 2017."

"As I started to look into transferring the small amount of xrp I had recouped that morning, out of the corner of my eye, I watched as 14,889.740739 xrp vanished from our account. The entire process took less than 8 minutes."

"Due to the virus and shock, I believe I may have then fainted. I cant be sure."

"I have since filed a report with Ripple, the FBI and my local Fraud Police. My husband has been ridiculously understanding. He says its just money and right now our focus should be on getting better / staying safe. I feel devastated."

"I apologise for how long this post is. I guess I wanted to vent a little too. I’m so upset."

"Google removed 49 Chrome extensions imitating MEW, Ledger, Trezor, and other popular cryptocurrency wallets. Phishing attempts are on the rise, and in this stressful time, it’s also easy to make an irreversible mistake losing your crypto whether you’re new to crypto or an experienced hodler."

"[In late April], Google announced yet more restrictions aimed at cleaning up the Chrome Web Store, noting "the increase in adoption of the extension platform has also attracted spammers and fraudsters introducing low-quality and misleading extensions in an attempt to deceive and trick our users into installing them to make a quick profit.""

"The Chrome app is no longer live. I have however seen it re-uploaded this morning and have reported it. If you do a search for Ledger in the Chrome Store tomorrow morning I am sure you will see it there."

"In May 2020, a cybersecurity researcher discovered 22 malicious Google Chrome extensions imitating crypto services like Ledger and MetaMask."

"Talking to Naked Security, Denley explained that he finds new ones each day. He pointed us to this Pastebin entry showing the original 49 he reported in April, along with another 22. The new ones impersonated the Ledger, KeepKey, MetaMask, and Jaxx wallets. The IDs on the left are extension IDs, which show up at the end of an extension’s URL when viewed in the Chrome store."

"The extensions he discovered impersonated well-known crypto firms such as Ledger, KeepKey, MetaMask and Jaxx. Their purpose is to trick users into giving away the credentials needed to access their wallets."

"MEANWHILE, Google _keeps on approving phishers_. The quantity of impostor MetaMasks on the Chrome store has been growing, and apparently they all pass the manual security review. FURTHERMORE they are all allowed to buy premium Google ad space at the top of search results."

"Dan Finlay, lead developer of MetaMask, took to Twitter to get help from Google, because "it seriously sometimes seems like they're only optimized to respond to social media outrage.""

"Most of the phishing extensions have already been taken down as of press time. Per the report, most were down within 24 hours of Denley reporting them."

"Finlay told The Register that if Google wants to run the Chrome Web Store with few people, then they should implement systems to automatically enforce brand and trademark restrictions for the store and its ad platforms."

"I think it would be great for Google to make a stance of respecting trademarks in their ads, but I’m not sure if that runs counter to their business model," he said. "I sure hope Google doesn’t feel they need to protect phishing to stay afloat."

"Google's ad policy says the company will review trademark complaints from trademark holders, but only after receiving a complaint. Google's Chrome Web Store developer agreement forbids developers from violating intellectual property rights, which probably doesn't mean much to committed law-breakers. At the same time, it makes clear, "Google is not obligated to monitor the Products or their content.""

"Most of the phishing extensions have already been taken down as of press time. Per the report, most were down within 24 hours of Denley reporting them." "Harry Denley, director of security at MyCrypto, who identified the previous lot of bad extensions, told The Register at least eight among the latest crop of 11 impostors, pretending to be crypto-wallet software KeyKeep, Jaxx, Ledger, and MetaMask, have been taken down."

In August 2020, "Google acknowledged a general problem with malicious extensions and has announced new rules for the Chrome Web Store."

A fake Google Chrome application appeared for Ledger Live, and a user downloaded it. They entered their full seed phrase when setting up the wallet. Their funds were taken by an attacker.

HOW COULD THIS HAVE BEEN PREVENTED?

Always check and visit the official website of a service. The majority of funds should be stored offline and not on a live wallet application. When setting up a new wallet or upgrading wallet software, never enter your pass phrase or send any funds without first transferring a smaller amount.

Check Our Framework For Safe Secure Exchange Platforms

4 Basic Ways To Keep Your Crypto Safe | HackerNoon (Jan 24)
PLEASE BEWARE - 14,000 XRP stolen from my Ledger : Ripple (Jan 24)
XRP price today, XRP live marketcap, chart, and info | CoinMarketCap (Aug 7)
Ledger Live : Most trusted & secure crypto wallet | Ledger (Feb 13)
Fake Ledger Chrome Extensions Continue to Steal Crypto From Victims - YouTube (Mar 19)
Mystery Hacker Tries to Steal Crypto Through Fake Google Chrome Wallet Extensions - CoinDesk (Mar 19)
49 crypto-wallet pickpocketing browser extensions booted from the Chrome web store (Mar 19)
Scammers Are Using Fake Devices to Steal Cryptocurrency Wallets | PCMag (Mar 6)
Physical addresses of 270K Ledger owners leaked on hacker forum (Jan 31)
Ledger Raises $380 Million to Expand DeFi Solutions - Crypto Briefing (Mar 19)
Nasty Ledger wallet scams. And how to avoid them. - Who Took My Crypto (Mar 20)
Discovering Fake Browser Extensions That Target Users Of Ledger Trezor Mew Metamask And More (Aug 22)
Fake Chrome extension steals crypto from users, warns Ledger Wallet | Invezz (Aug 22)
The Dangers Of Malicious Browser Extensions (Aug 22)
My money from my ethereum account were stolen after I acceded the account via MEW CX extension. - Google Chrome Community (Aug 22)
Downloaded new KeepKep Client, my funds were stolen 10 Minutes Later... Who do I vengefully hunt down?! : keepkey (Aug 22)
Metamask got hacked - Moralis Academy Forum (Aug 22)

More case studies

Synthetix Ether
Collateral Bug

Aragon Court
Vulnerabilities