Ledger Wallet User Allegedly Lost $16K to Malicious Browser Extension

Published at: Jan. 2, 2020

Twitter user and software architect WizardofAus (@BTCSchellingPt) has warned cryptocurrency holders against a Chrome extension for Ledger crypto wallets that allegedly contains malware.

In a tweet posted on Jan. 2, WizardofAus claimed that:

“Malware Chrome extension alert. If you have "Ledger Secure" installed - REMOVE IT. The @ChromeExtension "Ledger Secure" contains malware that passes your seed phrase back to the extension's author. This is *not* a @Ledger product. Successfully used against @hackedzec.”

“@hackedzec”’s Twitter handle was notably created in Jan. 2020; both the handle’s novelty and the chosen name suggest that he created the account specifically to spread awareness following his experience of the malware.

The official Ledger Support Twitter handle confirmed the detection of the extension malware on Jan. 2, using the header “PHISHING ALERT.”

Former Trezor executive and contributor to the “Little Bitcoin Book” Alena Vranova retweeted WizardofAus’ tweet with the comment: “another proof that the word ‘secure’ does not imply security.”

Learning from others’ expensive mistakes

In WizardofAus’ account, 600 in Zcash (ZEC) — worth roughly $16,000 by press time — was stolen from @hackedzec’s holdings in his Ledger Nano by the Chrome extension’s creator.

Referring to Casa founder Jeremy Welch’s warnings last year against browser extension malware at the Bitcoin (BTC) event Baltic HoneyBadger in Riga, WizardofAus outlined the risks posed by these products — and what users can do to protect themselves:

“Firstly, be very careful what extensions you install. If you're using the same computer for your crypto as you use generally, be extra diligent. Better to have a separate minimal machine - or use a Virtual Machine that is the only place you do crypto activity.”

Other due diligence includes using only the wallet vendor’s proprietary software — in this case, Ledger’s — and double-checking that it really comes from the vendor’s website via a secure link.

Users can also verify the checksum of the downloaded file before running the software. A checksum, also known as a hash, is a hexadecimal number that is unique to the installer .exe file created by the author. The checksum of the downloaded file, assuming the file has not been tampered with by a third party, should match the checksum published on the vendor’s site.

Browser risks

Just two days ago, Cointelegraph reported on an Ethereum (ETH) wallet Chrome browser extension known as “Shitcoin Wallet” that has reportedly been injecting malicious JavaScript code from open browser windows to steal data from its users.
