Fake Ledger Wallet Steals Over 1 Million in XRP From Investors

Author: Jimmy Aki
Last Updated: 26 March 2020

Reports have confirmed that a fraudulent extension for the Google Chrome web browser has robbed users of their crypto tokens. According to a series of tweets published yesterday, xrplorer forensics, a crypto research team, confirmed that several bogus versions of the Ledger Live extension had been deployed to collect backup passphrases belonging to users.

Fake “Ledger Live” chrome extensions are used to collect user backup passphrases. They are advertised in Google searches and use Google Docs for collecting data. Accounts are being emptied and we have seen more than 200K XRP being stolen the past month alone. @Ledger @Google
— xrplorer forensics (@xrpforensics) March 24, 2020

The Increasing Danger of Third-Party Vendors

Ledger Live is a crypto wallet application that provides support for 23 digital wallets – including XRP. The app has versions for both Android and iOS, as well as an extension for the Chrome browser.

The research team explained that these fake extensions are advertised in Google searches and usually collect data on Google Docs. Every account they get access to is immediately emptied, and the firm pointed out that the hackers behind the scam have stolen up to 200,000 XRP tokens (worth $32,000 today). However, the firm later amended the estimate to 1.4 million XRP ($224,000).

They pointed out that most of the stolen tokens are still being held in accounts, although a significant percentage have also been cashed out via HitBTC, a crypto exchange.

The company concluded by warning members of the community against downloading any tools for their exchanges or wallets from any source other than the official vendor. In this case, that would be the French digital wallet manufacturer Ledger. Currently, both the Google Store and the Chrome browser have two different Ledger Live extensions.
This isn’t the first time that fake versions of the Ledger Live application have made the rounds. Ledger itself issued a warning about the bogus extensions earlier this month, explaining that users should ensure that they don’t fall victim to the scheme.

At the time, Harry Denley, the Director of Security at blockchain interface platform MyCrypto, explained that he wouldn’t be surprised if the trick had already worked on a few people. Denley was the first person to discover the phishing attack, and he described it as a “big problem in the cryptocurrency area, to teach people their private keys/mnemonics should stay offline.” It would appear that he’s been right on all fronts.

Brad Garlinghouse and the YouTube Crypto Scam

It’s one thing to steal XRP from investors. It’s another thing to use the Ripple Labs CEO’s image to scam investors. Ripple Labs and Google products found themselves involved in another scam of late.

On Monday, several members of the crypto community caught wind of a fake account on YouTube, Google’s video streaming giant. The account impersonated Brad Garlinghouse, Ripple Labs’ founder and chief executive, and was promoting a crypto airdrop scam.

The scam account had garnered over 200,000 subscribers, and it contained just one video. The video’s description promotes a non-existent airdrop of 50 million XRP ($8 million).

It’s worth noting that the video itself isn’t fake – it’s actually a real interview Garlinghouse gave last month. However, the description is fake, and given that 85,000 people have already watched it, this presents a bit of a problem for everyone. It’s also rather interesting to see, especially since YouTube has been on a strong campaign against crypto-related content.