Fake Google Chrome extensions for crypto hardware wallet manufacturer and custody provider, Ledger, continue to claim victims.

On March 28, a post was published to Reddit by a user seeking to warn others that they had just lost 14,908 Ripple (XRP) (roughly $2,577) to a fake Ledger Wallet extension on the Google Chrome store. 

According to the poster, ‘leannekera’, the lost funds comprised a nest egg that she and her husband had been growing since 2017. The wallet that her XRP was sent to quickly forwarded her funds to a second wallet that currently holds nearly 15 million in XRP.

Fake Ledger Wallet Chrome extension claims COVID-19 patient as victim 

Leannekera claims to be a confirmed victim of COVID-19. She states that she is in self-imposed isolation in a single room of her house. She also notes that her husband works in an ‘essential industry’ in the United Kingdom. 

In response to financial difficulties resulting from her isolation, leannekera sought to liquidate some of her family’s crypto holdings, and move any excess funds into XRP. She stated:

“I begin the day by selling a load of our other cryptocurrency for bitcoin, sold some to help us and I then consolidate the remaining into xrp. I then load up our Ledger. It’s been a while since I last accessed our Ledger (2018), and have since changed my computer. I recalled the Ledger having a Chrome extension and this is when the scam starts.”

Leannekera recounts finding only one Ledger extension on the Chrome store, with the application claiming affiliation with Ledger.com and boasting 70 positive reviews of between four and five stars. When prompted, she entered her Ledger’s recovery seed into the extension — allowing the funds to be stolen.

Ledger warns of malicious Chrome extensions

On March 5, Ledger published a tweet warning users of malicious Chrome extensions. These extensions — identified by cybersecurity researcher Harry Denley — claim to be directly affiliated with the company. The application seeks to emulate Ledger’s desktop and mobile application Ledger Live and was even advertised on Google Ads. 

By March 24, researchers at xrplorer forensics estimated that a fake Ledger extension had absorbed 1.4 million XRP in March alone.

Crypto scammers target hardware wallet users

Opportunistic scammers have long sought to target hardware wallet users, with hackers even distributing fake hardware wallets imitating the appearance of Tezor or Ledger products at crypto conferences in 2017.

Last October, a now-deleted Reddit user posted a link to a Shopify website purporting to offer KeepKey hardware wallets for only $5 — triggering the suspicions of other Redditors. 

During May 2019, researchers also discovered a fake Chrome extension targeting Trezor users.