- Ledger wallet users have been targeted in a recent wave of phishing attacks.
- Scammers tricked users into going to a fake Ledger site and downloading a malicious file that stole XRP.
- Over 1.1 million in XRP was stolen in a scam which comes as a consequence of a Ledger data breach.
The crypto industry is known for high risk, which does not always refer to volatility or quality of projects. Hacks, scams, and alike have been a part of it for ages, and there is always someone attempting to get crypto at others’ expense.
The most recent string of incidents revolved around Ledger users, who were targeted by scammers through phishing attempts.
Phishing Attacks Targeting Owners of Ledger Wallet
According to recent warnings, it appears that a major leak of email and personal data from earlier this year is finally catching up to Ledger users. Scammers have seemingly been targeting them for a while, and already, they managed to scam people out of more than 1.1 million XRP coins.
Scammers have been using a phishing email that alerted users to a fake version of Ledger’s website, Sharp-eyed users have found a simple way of telling if the warning is fake. The fake version used a homoglyph in the URL to replace the letter ‘e.’
This phishing scam (notice the fake domain lẹdger.com), has already stolen more than 1,150,000 XRP from @Ledger users. Please watch out!
We will follow the money. pic.twitter.com/Q8XD2awdo7
— XRP Forensics (xrplorer.com) (@xrpforensics) November 2, 2020
But, most people do not think to check things like that, and instead, they get tricked into going to the fake site. There, the site tricks them again into downloading malware that claims to be a security update. If downloaded, malware will steal the money from the users’ Ledger wallet.
Scammers Got Rid of the Coins Before being Detected
Xrplorer — a fraud awareness site, run by the community — recently reported that the coins collected in the scam were sent out in five different transactions, all of which ended up at Bittrex. However, the exchange did not manage to seize the coins in time.
The scams are a consequence of a data breach that took place earlier this year. Ledger confirmed the breach in an email sent to its users on July 29th, noting that nearly a million emails were compromised, as well as 9.500 customers’ details. The company did patch the vulnerability that led to this situation, but the damage had been done.