After a massive leak of email and private information earlier in 2020, Ledger users are now encountering a surge in phishing attempts. Interestingly, one such scam netted over 1,150,000 XRP from its victims.
This particular scam used a phishing email that managed to direct users to a fake version of the Ledger site that substituted a homoglyph in the URL. Notably, in this case, they used a letter that resembled the letter ‘e’ but it wasn’t. After heading to the fake site, victims were duped into downloading malware that posed as a security update and it drained the balance in their Ledger wallet.
This phishing scam (notice the fake domain lẹdger.com), has already stolen more than 1,150,000 XRP from @Ledger users. Please watch out!
We will follow the money. pic.twitter.com/Q8XD2awdo7
— XRP Forensics (@xrpforensics) November 2, 2020
The XRP collected from the scam was then sent to Bittrex across five deposits, according to community-operated fraud awareness site xrplorer. Sadly, the exchange could not seize the stolen XRP in time.
In another ongoing scam, a well-designed phishing email that seems to originate from the official account from “Team Ripple” appeals to Ledger customers by floating an XRP giveaway. The alleged giveaway targets “whitelisted addresses” as part of a “Community Support Program.”
The involved registration process consists of handing over a customer’s Ledger seed phrase or crypto private key to qualify for the non-existent program.
In a July 29, 2020 email sent to users, Ledger confirmed that it had been the victim of a data breach in which almost one million email addresses were compromised. Also, the personal details of a subset of 9,500 customers were exposed.
Even though that vulnerability that resulted in the leak on the Ledger site was quickly repaired, the damage had already been done. Now, scammers seem to be coming up with creative methods of using the addresses to trick Ledger users into giving up their possessions.
The Phishing Strategy Is Not New
This idea of cryptocurrency credential phishing through homoglyph-containing URLs is not new. The scams that use this method have been targeting XRP holders throughout the year, right even before the email leak. Back in 2018, scammers set up a phony Binance website that came complete with an SSL certificate. Nonetheless, keen users discovered the ‘n’ had been replaced with a peculiar version that included an underdot (ṇ).
In March 2020, the creators of a fake Google Chrome extension for Ledger managed to steal 1.4 million XRP in less than one month.