Phishing Scam On Ledger Lookalike Steels 1.1 Million XRP Author: Ali Raza Last Updated: 10 November 2020 As the crypto space at large is trying to break out of its bear market, lasting almost three years, overall, crypto attacks and scams are starting to return. Scams Never Change The Basic Formula These sorts of scams typically follow a basic, if sadly effective, modus operandi. It all starts with things like Twitter, YouTube, or even Google searches, creating fake advertisements to trap unsuspecting users. These advertisements offer too-good-to-be-true giveaways, or the scammer could opt to create an entire fake website dedicated to behaving like a trusted one. Typically, these fake domains have only minor details changed, or have intentionally sneaky misspelling. Through a similar attack vector, millions in XRP managed to be stolen by way of a fake Ledger site. The attackers managed to create a fake domain name, successfully swindling 1.15 million XRP out of the hands of various victims. 1.15 Million XRP Stolen Through Phony Website As it stands now, this amount of stolen XRP is worth around $280,000. XRP Forensics highlighted that the attackers had sent the funds to the Bittrex crypto exchange. Bittrex was reportedly “unable” to flag or seized these addressed, which gave the attackers the opportunity to actualize the stolen gains. This phishing scam (notice the fake domain lẹdger.com), has already stolen more than 1,150,000 XRP from @Ledger users. Please watch out! We will follow the money. pic.twitter.com/Q8XD2awdo7 — XRP Forensics (@xrpforensics) November 2, 2020 As one would imagine, Bittrex has declined to comment about the matter at large. Dmytro Volkov stands as the CTO of CEX.IO, an international crypto exchange. Volkov gave comments about hacking attacks against crypto wallets, explaining that it typically aims for the most vulnerable parts of the entire system: The users and their user devices. Aim For The Weakest Points Volkov stated that to hack end-user devices is relatively easy, not to mention the ease it takes to compromise humans with a bit of social engineering. Volkov explained that directly cracking a wallet is typically rare, citing the high levels of security standards, including the wallets’ complex cryptography. Hacks done by social engineering are brutally effective, if done right. This could be seen back in July, when a 17-year old from Florida managed to hack 25 high-profile accounts, both celebrity and political, and initiated a brutal crypto scam. Social engineering preys on human nature, leaving no reliable method to prevent it. It should be noted, however, that certain cues are typical in social engineering scams, and an internet user should be familiar with it in order to stay safe. In matters such as these, wisdom, and more often than not, experience from already running afoul with scams, is what keeps you safe.