A malicious Google Chrome extension reportedly cost one user around $16,000 worth of cryptocurrency.
A bogus extension called “Ledger Secure,” that passes itself off as a cryptocurrency wallet, is believed to be responsible for the loss, Decrypt reports. The app allegedly sends a user‘s seed phrase back to its creators. With the seed phrase, bad actors can access another individual’s cryptocurrency illegitimately.
In @hackedzec's case, 600ZEC were taken from his Ledger Nano by the extension author.
What's to learn?👇
— WizardofAus 🇦🇺⚡🌮 [Jan3🔑] (@BTCSchellingPt) January 2, 2020
It should be noted that French company Ledger is not affiliated to the “Ledger Secure” extension.
In a tweet following the phishing scam, Ledger warned that “Ledger Secure” is not a legitimate application. It urged users to report the extension to encourage Google to remove it.
A Chrome extension malware has been detected called "Ledger Secure". This is NOT a legitimate Ledger application
DO NOT use it and contact us if you've installed it:https://t.co/bRaDjYHZbY
You can help by reporting the extension:https://t.co/oltHbtA8RR
— Ledger Support (@Ledger_Support) January 2, 2020
The affected Twitter user, now going by the handle “hackedzec”, claims the extension led to them losing 600 ZEC — about $16,000 at the time of writing.
The victim says they only entered their seed phrase into their computer once, about two years ago. They also say they photocopied their seed phrase using a WiFi-connected printer once as well. It’s difficult to say if these two instances were to blame. How the malicious extension got hold of their seed phrase is unclear.
The victim became aware of the shady extension after they reportedly found a file on their computer that linked to a Twitter account for the fake “Ledger Secure” extension. The Twitter account appears to pass itself off as a legitimate Ledger account.
It seems Google is still a bit hit-and-miss when it comes to removing illicit cryptocurrency apps from its Play Store and browser extensions.
This news comes in the same week that MetaMask was removed from — and swiftly reinstated to — Google’s Play Store after thinking it was a cryptocurrency mining app.