Hackers Targeting Chrome Extensions, Potentially Steal $2.5M

Author: Ali Raza
Last Updated: 14 June 2020

According to an earlier Reddit post, a new fraudulent crypto wallet has begun to circulate. The scam, disguised as a legitimate Google Chrome Extension, has potentially drained $2.5 million in XRP from various users, as the Reddit report claims.

Evidence Of Large Scale Crime

In the Reddit post, made on the 28th of March, 2020, the user going by the name of “Leannekera,” who states that they were infected with COVID-19, wrote that they felt “embarrassed” after they were forced to watch their XRP be transferred from their own account to a new address, one that held $2.5 million in XRP. Leannekera stated that this was “clearly” a massive operation because there was so much in the account. Indeed, it seems they were right, as Ledger’s Twitter account quickly issued a warning on the 5th of March, 2020, about a fraudulent Chrome Extension. It’s entirely possible that these two are one and the same.

Preying On The Vulnerable

As of the 24th of March, 2020, researchers at XRPlorer Forensics estimated that one such Ledger Extension scam has managed to make off with an impressive 1.4 million in XRP, which is worth about $235,775 at the time of writing. The scammers managed to steal this amount of XRP in March alone.

Sad as it is, Leannekera stated that they had been sick and placed in quarantine. As their money was tight at the time, they decided to consolidate their respective forms of crypto in Bitcoin. With this, they believed they would be capable of recouping an impressive 20% of the total losses they and their husband had incurred due to this coronavirus crisis.

Wolves In Sheep’s Clothing

They explained that they had remembered that Ledger had a Chrome Extension, which was the start of the scam. The malicious Extension is especially dangerous due to the sheer measures the hackers had taken to make it seem legitimate.
As Leannekera explained, the Extension had the name of “Ledger Wallet” or “Ledger Live” in the Chrome store. The Extension claimed to be from Ledger.com, or otherwise Ledger Official, and had all the signs it needed to seem legitimate. It even had a flurry of 70 reviews, all giving it 4 or 5 stars. These reviews described the Extension as a tad challenging to operate, but easy once you’ve figured it out. After installation, Leannekera was prompted to enter their seed phrase, which allowed the hackers access to their private keys. In the span of 8 minutes, the hackers managed to steal all of Leannekera’s XRP.