Ledger Wallet Seed Phrase Theft By a Malicious Chrome Extension
Ledger Live is a malicious Chrome extension that was discovered on the 5th of March 2020 by MyCrypto’s Director of Security, Harry Denley. Users who download the extension can potentially have their Ledger wallets’ recovery seeds stolen by it. In an official Tweet, Ledger Support issued a warning regarding this fake Chrome extension on the same day of its discovery.
Ledger Live App
The similarly named original Ledger Live app is a legitimate mobile and desktop app available to Ledger wallet users. It enables its clients to examine their digital assets and authorize any transactions. This transaction authorization is done through the creation of sync between their wallet and a trusted device.
To access one’s wallet, a seed phrase is required. A seed phrase is a 24-word backup feature required to transfer wallet data between devices. It acts as the wallet’s recovery system, used to restore one’s wallet to a new device in the event of losing or changing from the older one.
The malware aims at tricking users into believing that it is a legitimate Chrome version of the original app that allows them to access similar services through a chrome browser. This is according to observation as per a report issued regarding the extension. A user will unknowingly install this mimicking malware extension onto their Ledger wallet after keying in the wallet’s 24-word seed phrase.
A stern warning regarding the fraudulent nature of this has been issued by Denley. He stressed that the malware’s only intention is first collecting, then sending its victims’ Ledger seed phrases to a Google Form. On accessing a user’s seed phrase, they can easily recover a Ledger wallet’s content right from the victim’s device.
Caution to Users
Ledgers clearly instruct all users to maintain all private information, such as seed phrase, offline. Denley noted that the extension malware is designed to defeat the purpose of having a hardware wallet with users’ secrets offline. Denley advised users to keep their confidential mnemonics offline.