QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
UNKNOWN
AUGUST 2018
GLOBAL
LEDGER
DESCRIPTION OF EVENTS
"Based in France, Ledger is the largest cryptocurrency hardware wallet company." "Ledger is a hardware cryptocurrency wallet that is used to store, manage, and sell cryptocurrency. The funds held in these wallets are secured using a 24-word recovery phrase and an optional secret passphrase that only the owner knows."
"Ledger offers two products, the Nano S and Nano X, that can store the digital keys used to secure crypto wallets. The devices can be used with a variety of cryptocurrencies, are compatible with numerous apps, and are supposed to offer a safe way to manage crypto without compromising too much on convenience. Ledger says on its website that it has sold 1.5 million products to customers in 165 countries to date."
"Here we go again with the fake apps on Play Store... First, it was MEW and now it's Ledger."
"For only $25, you can create a merchant account and post your app (legit or not) on the Play Store."
"This is potentially dangerous for those who do not know how hardware wallets working, and in this case it is asking from users to enter their seed which is a sufficient sign that this is not a legal application. We can only try to take it down ASAP, but unfortunately policy of Google Play does not work in our favor. I did not really know that is so easy for scammers to upload fake software on store, same as it was easy to use Google AdWords to scam thousands of users with fake crypto wallets."
"Please be careful and help us having the app removed by reporting it."
"Lets push that scammer app down. Why it is so easy for them to allow such copy cat apps to exist and register on their platform? Aren't they reviewing it and do some verifications before approving it? Download only directly to the legit ledger site."
"It was a fake app, i don't think scammers would build an app that would have Ledger device recognising function, it would be a simple app that asks one to "import seeds" as mjglqw said. Ledger still has not addressed this, which worries me a lot, people can lose their money. they should warn the users or just release the app on all platforms."
"[Preventing this] seems simple, but it's not in reality. In order to have people manually verify each application, they need to have enough knowledge to fundamentally break down code, have enough knowledge when it comes to the crypto space, and have enough knowledge when it comes to the various wallet clients that we have. If all that isn't in place, the fake ledger app would even have been approved by a human."
"Ledger oddly didn't post anything about this (they made a warning when there was a fake Chrome extension around). Like mjglqw said, all the app did was ask for your wallet seed. Unfortunately, I've seen a user saying that his friend thought the app was legit and got scammed, so at least a few users were affected..."
"[T]he app got removed. Thanks, everyone!"
Another fake Ledger application appeared on the Google Play store in August 2018. The application requested the seed phrase of the end user, which was then sent to the attacker. There are reports that at least one person had their funds stolen through this application, though the amount lost is unknown.
HOW COULD THIS HAVE BEEN PREVENTED?
Never enter the seed phrase anywhere except the Ledger hardware wallet.
[WARNING] Fake Ledger Live app on Play Store (Mar 19)
Ledger Live : Most trusted & secure crypto wallet | Ledger (Feb 13)
Ledger Refuses Refunds, Tells Clients “Bank Vault Is More Secure” | Financegates (Mar 19)
Physical Addresses of 270K Ledger Owners Leaked On Hacker Forum - Slashdot (Mar 19)
Scammers Are Using Fake Devices to Steal Cryptocurrency Wallets | PCMag (Mar 6)
