A UK couple diagnosed with COVID-19 recently posted on reddit that they have lost their 14,800 XRP (about $2,500) on a Chrome Ledger hardware wallet extension. The funds are traced to a whale account holding XRP tokens worth more than $2.5 million. The same wallet is said to have stolen over 1.4 million XRP tokens (about $7.84 million) in the month of March alone.
UK Couples loses $2,500 to fraudulent XRP Wallet
Saturday 28, a Reddit user by the names of Lean Nekera from the United Kingdom posted that she and her husband lost some 14,800 XRP after using a Ledger extension on Google chrome. She further said both herself and the husband were recently diagnosed with Coronavirus.
Lean revealed that she transferred the funds from the cold wallet where the funds were stored to the chrome browser extension without knowing the extension was already tagged dangerous by many analysts. Google removed the link to the Ledger browser extension as of the time of this writing.
The chrome plugin goes by the name Ledger Wallet or Ledger Live on the google plugin store. The application developer claims that the software is from Ledger.com® and Ledger Official® respectively. Lean said the chrome extensions look official and she couldn’t be suspicious of it until she couldn’t retrieve the $2,500 she sent to the plugin wallet address.
Although Google has taken the extension offline, records indicate that the scammer scammed a multitude of Ledger wallet holders in 2018. Lean described that once the user installs the app they are prompted to select the hardware wallet version from a drop-down menu. The app later asks the user to enter their full passphrase which deciphers their entire private keys to the app developers.
More than $7.84 million worth of XRP sofar lost to the Malicious Google chrome extension
Lean wrote that once she finished entering her passphrase her entire balance of about 14,889 XRP vanished. She said the entire process leading to the loss of the funds concluded in less than 8 minutes indicates how efficient the app is at stealing user funds.
Surprisingly the funds were redirected to the whale account holding more than $2.5 million in XRP tokens. This shows that the scammers have been stealing user funds for quite some time using that same particular public address. Lean said she has already reported the theft to the UK Fraud department, the FBI and Ripple support services.
XRP Forensics experts posted on twitter confirming that the particular account is responsible for the loss of more than 1.4million XRP tokens from unsuspecting users. Cryptocurrency users are warned against using unofficial wallets and applications as they could be malwares developed by scammers.