1,400,000 XRP Stolen Via Fake Chrome Extension


Ledger users, beware. There are some bad actors operating right now looking to seize your backup seeds. If you see an ad on a Google search for a Ledger Live Chrome extension – avoid it like the plague. According to xrplorer forensics, around 1.4MN XRP has already been stolen so far–but all coins are at risk.

XRP Users Hit Hardest by Fake Extension

Yesterday, xrplorer forensics put out a warning tweet telling its followers that more than 200k XRP had been stolen in the past month. This is due to fake “Ledger Live” Chrome extensions that are stealing its victims’ backup phrases to get its hands on their cryptocurrency. It warned that:

Accounts are being emptied

Fake “Ledger Live” chrome extensions are used to collect user backup passphrases. They are advertised in Google searches and use Google Docs for collecting data. Accounts are being emptied and we have seen more than 200K XRP being stolen the past month [email protected] @Google

— xrplorer forensics (@xrpforensics) March 24, 2020

The XRP forensics explorer only had data pertaining to XRP. However, it warned that all cryptocurrencies were at risk, saying:

We don’t have figures from other currencies. Don’t EVER download tools for your hardware wallet from other places than the vendor directly. The screenshot shows a POST request from an extension.

Rather alarmingly, a few hours later, the XRP tracker posted a second update. Its initial figures were nowhere near the true numbers. In actual fact, it was closer to 1.4M stolen XRP:

We were a bit quick to add a 200K XRP figure to this. It is close to 1.4M.

— xrplorer forensics (@xrpforensics) March 24, 2020

According to further analysis, the team was able to gather that while most of the stolen XRP was still held untouched in an account, some funds had recently been sold on HitBTC. The crypto exchange has been notified, however it has so far failed to officially respond to the issue.

Most are still in accounts, what has been cashed out has been so through @hitbtc

— xrplorer forensics (@xrpforensics) March 24, 2020

Always Follow Best Practices Online

This latest warning doesn’t just apply to XRP holders or even Ledger users. This is a wake-up call to everyone in the space. With north of $4.5bn worth of cryptocurrency stolen in 2019 alone, you should always follow best practices online.

That means never clicking on links through emails to reach your wallet or exchange account. Never downloading a plugin unless you’re 100% sure of the source, and bookmarking the official page so that you can trade and transact with confidence.

There are a lot of hackers and scammers in the cryptocurrency space looking to steal your funds. Don’t make their jobs any easier for them.

What do you make of the latest XRP scam? Let us know your thoughts in the comment section below!

Images via Shutterstock, Twitter @xrpforensics

Leave a comment

Your email address will not be published. Required fields are marked *