Ledger owners lose 1.1 million XRP to scam site

Published at: Nov. 6, 2020

Phishing attempts and scams against Ledger wallet owners are on the increase with one such scam netting more than 1,150,000 XRP from its victims.

The scam used a phishing email that directed users to a fake version of the Ledger website that substituted a homoglyph in the URL — in this case a letter that looked like the letter ‘e’ but wasn’t. On the fake site, victims were fooled into downloading malware posing as a security update which drained the balance from their Ledger wallet.

I got a txt message last night with my full name saying ledger security alert....to download the security update. Deleted it instantly

— Kris Leslie (@Krissy1097) November 2, 2020

According to community run fraud awareness site xrplorer, the XRP collected from the scam was sent to Bittrex across five deposits, but the exchange was “unable to seize [the XRP] in time.”

In a similar ongoing scam, a phishing email that appears to be sent from the official account for “Team Ripple” appeals to Ledger users by offering an XRP giveaway to “whitelisted addresses” as part of a “Community Support Program.” The registration process involves handing over your Ledger seed phrase or crypto private key in order to qualify for the non-existent program.

In an email to customers sent on Jul. 29th of this year, Ledger acknowledged that it had been the victim of a data breach in which close to a million email addresses were compromised, along with the personal details of a subset of 9,500 customers. Although the vulnerability leading to the leak on the Ledger website was quickly patched, the damage had already been done, and scammers appear to be coming up with creative ways to use the addresses to trick Ledger users into giving up their coins.

The idea of crypto credential phishing via homoglyph-containing URLs is not new and scams employing this tactic have been targeting XRP holders across the course of the entire year, even before the email leak.

In 2018, scammers set up a fake Binance site, complete with an SSL certificate. However eagle eyed users noticed the ‘n’ had been replaced with a version that included an underdot (ṇ).

In March, creators of a fake Google Chrome extension for Ledger managed to steal 1.4 million XRP in less than a month.

Tags
Xrp
Related Posts
Youtuber Explains How Crypto Scammers Took Control of His Account
The modus operandi of crypto scammers differ in each case as it happens with the rest, but this time, a popular Youtuber who has 2.43 million subscribers explained on August 20 how his channel was seized by hackers to launch an XRP fake giveaway campaign. According to a video published by David Damasceno, who runs Universo Curioso, cybercriminals took control of his account after receiving a contact request from an individual offering him a video editing tool. The fake software was called Zenium Editor, which also handles advertising revenues, and when Damasceno downloaded and installed the app, the damage has …
Altcoin / Aug. 23, 2020
MoneyGram Reveals Real-Time Remittance Tech, Based on Visa not Ripple
Remittances giant MoneyGram announced a new service allowing real-time money sending, but the solutions of its blockchain partner Ripple are not involved. MoneyGram recently announced FastSend, a new service that allows its customers to send money in real-time to a phone number via a dedicated website or mobile application. Still, the firm’s answers to Cointelegraph’s inquiries revealed that surprisingly MoneyGram’s latest product does not make use of Ripple’s technology. You don’t need blockchain for real-time settlements Kamila Chytil, MoneyGram Chief Operating Officer explained to Cointelegraph that FastSend uses Visa’s Direct Original Credit Transaction to deliver funds to bank accounts through …
Blockchain / Feb. 16, 2020
Fake Ledger Chrome Extensions Continue to Steal Crypto From Victims
Fake Google Chrome extensions for crypto hardware wallet manufacturer and custody provider, Ledger, continue to claim victims. On March 28, a post was published to Reddit by a user seeking to warn others that they had just lost 14,908 Ripple (XRP) (roughly $2,577) to a fake Ledger Wallet extension on the Google Chrome store. According to the poster, ‘leannekera’, the lost funds comprised a nest egg that she and her husband had been growing since 2017. The wallet that her XRP was sent to quickly forwarded her funds to a second wallet that currently holds nearly 15 million in XRP. …
Altcoin / March 29, 2020
Ripple, Binance impersonators target XRP holders via fake staking program
Online fraudsters are impersonating major cryptocurrency firms like Ripple and Binance by creating fake websites and email imposters pretending to provide staking services for XRP. One such website, ripple.com-staking.tech, includes a blog post titled “XRP staking set to debut January 2023 for retail users,” inviting users to “stake” their XRP with unrealistic returns on investment (ROI), ranging from 12% to 27%. The fake scheme attempts to rush XRP investors’ decision by stating that only the first 10,000 accounts will receive a higher ROI. The fake website provides a well-crafted clone of Ripple’s website, ripple.com, by copying the original layout, and …
Altcoin / Jan. 25, 2023
Altcoins and stocks move higher after Bitcoin price rally to $40,000
The price of Bitcoin (BTC) hit a new all-time high above $40,000 on Jan. 7 after the price increased by more than $5,000 in less than 24-hours. The $40,000 barrier marks a significant milestone for the top-ranked cryptocurrency. According to Matt Blom, head of global sales trading at EQUOS: “Bitcoin's march to $40k has been driven by fresh capital from huge hedge funds, corporate treasuries and awareness from the investing public that all is not well in the world of fiat. It’s easy to forget that we are still in the very early stages of adoption." Blom added that instead …
Bitcoin / Jan. 7, 2021