Ledger Wallet User Allegedly Lost $16K to Malicious Browser Extension
Twitter user and software architect WizardofAus (@BTCSchellingPt) has warned cryptocurrency holders against a Chrome extension for Ledger crypto wallets that allegedly contains malware.
In a tweet posted on Jan. 2, WizardofAus claimed that:
“Malware Chrome extension alert. If you have "Ledger Secure" installed - REMOVE IT. The @ChromeExtension "Ledger Secure" contains malware that passes your seed phrase back to the extension's author. This is *not* a @Ledger product. Successfully used against @hackedzec.”
“@hackedzec”’s Twitter handle was notably created in Jan. 2020; both the handle’s novelty and the chosen name suggest that he created the account specifically to spread awareness following his experience of the malware.
The official Ledger Support Twitter handle confirmed the detection of the extension malware on Jan. 2, using the header “PHISHING ALERT.”
Former Trezor executive and contributor to the “Little Bitcoin Book” Alena Vranova retweeted WizardofAus’ tweet with the comment: “another proof that the word ‘secure’ does not imply security.”
Learning from others’ expensive mistakes
In WizardofAus’ account, 600 in Zcash (ZEC) — worth roughly $16,000 by press time — was stolen from @hackedzec’s holdings in his Ledger Nano by the Chrome extension’s creator.
Referring to Casa founder Jeremy Welch’s warnings last year against browser extension malware at the Bitcoin (BTC) event Baltic HoneyBadger in Riga, WizardofAus outlined the risks posed by these products — and what users can do to protect themselves:
“Firstly, be very careful what extensions you install. If you're using the same computer for your crypto as you use generally, be extra diligent. Better to have a separate minimal machine - or use a Virtual Machine that is the only place you do crypto activity.”
Other due diligence includes using only the wallet vendor’s proprietary software — in this case, Ledger’s — and double-checking that it really comes from the vendor’s website via a secure link.
Users can also verify the checksum of the downloaded file before running the software. A checksum, also known as a hash, is a hexadecimal value computed from the contents of the installer .exe file created by the author; any change to the file produces a different value. If the downloaded file has not been tampered with by a third party, the checksum computed from it should match the checksum on the vendor’s site.
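The checksum check described above, as an added example that is not part of the original article or Ledger's own tooling: a Python sketch that hashes a downloaded file and compares it with the vendor's published value. SHA-256, the function names and the file names are assumptions; use whichever algorithm the vendor actually publishes.

```python
import hashlib
import hmac
import os
import tempfile


def file_digest(path, algorithm="sha256", chunk_size=1 << 20):
    """Hash the file in chunks so large installers are not read into memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def normalize_published(value, algorithm="sha256"):
    """Accept 'HASH' or a 'HASH  filename' manifest line; reject malformed values."""
    parts = value.strip().split()
    if not parts:
        raise ValueError("published checksum is empty")
    token = parts[0].lower()
    expected_len = hashlib.new(algorithm).digest_size * 2
    # A truncated or non-hex value must fail loudly, never count as a match.
    if len(token) != expected_len or any(c not in "0123456789abcdef" for c in token):
        raise ValueError("published checksum is not a full %s hex digest" % algorithm)
    return token


def verify_download(path, published, algorithm="sha256"):
    """True only if the file's digest equals the published checksum."""
    expected = normalize_published(published, algorithm)
    return hmac.compare_digest(file_digest(path, algorithm), expected)


def demo():
    """Constructed sample: a stand-in 'installer' and a copy with one byte appended."""
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "installer.exe")           # hypothetical file name
        bad = os.path.join(d, "installer-tampered.exe")   # hypothetical file name
        with open(good, "wb") as f:
            f.write(b"constructed installer bytes")
        with open(bad, "wb") as f:
            f.write(b"constructed installer bytes" + b"\x00")
        published = hashlib.sha256(b"constructed installer bytes").hexdigest().upper()
        return (verify_download(good, published + "  installer.exe"),
                verify_download(bad, published))


if __name__ == "__main__":
    print(demo())
```

A match only shows that the file is the one the checksum was published for, so the published value has to be read from the vendor's own site over a secure link, as the article advises.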
Browser risks
Just two days ago, Cointelegraph reported on an Ethereum (ETH) wallet Chrome browser extension known as “Shitcoin Wallet” that has reportedly been injecting malicious JavaScript code from open browser windows to steal data from its users.