Malicious Chrome Extension Caught Stealing Users’ Ledger Wallet Seed Phrases
A malicious Chrome extension named Ledger Live was discovered on March 5 by Harry Denley, Director of Security at MyCrypto. The extension has the potential to steal the Ledger wallet recovery seeds of users who carelessly download it.
Ledger Support, through their official Twitter account, warned its followers about this fake Google Chrome extension that can potentially steal all their funds.
A fake Chrome extension has been found, asking to enter your 24 word recover phrase
⚠️NEVER share your 24 words
⚠️NEVER enter your 24 words into any internet-connected device
⚠️Ledger will NEVER ask for your 24 words
— Ledger Support (@Ledger_Support) March 5, 2020
The original Ledger Live app is a mobile and desktop app that allows Ledger wallet users to query their coins and approve transactions by syncing their hardware wallet with a trusted device. According to the report, the detected malware tries to trick users into thinking it is the Chrome version of the original app, which would allow them to do the same thing through the Chrome browser.
Users are made to install the extension and connect their Ledger wallet to it by entering the wallet’s seed phrase. The seed phrase is a string of 24 words that is used to move wallet data between devices. It serves as a wallet recovery system in case users lose their devices or want to change them.
However, Denley has warned that this extension is a fraud that only collects victims’ Ledger seed phrases and sends them to a Google Form. Once the attackers gain access to the seed phrase, they can recover the Ledger wallet content on the victim’s device.
Denley argued that Ledger has good instructions on keeping private information, such as the seed phrase, offline. He said this extension defeats the purpose of having a hardware wallet with users’ secrets offline. Denley advised users to keep their private/mnemonics offline.
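A defender reviewing an unpacked extension can check for the combination the report describes: a prompt for the recovery phrase together with a Google Forms endpoint. The following is an added example, not code from the report, MyCrypto or Ledger; the rule names, regular expressions and sample file contents are constructed for illustration.

```javascript
// Static triage of an unpacked browser extension, given as {filename: contents}.
// All patterns and sample files below are constructed for this example.
const SEED_PROMPT = /\b(24|twenty[- ]four)[- ]word|recovery (phrase|seed)|seed phrase|mnemonic/i;
const FORM_ENDPOINT = /docs\.google\.com\/forms\//i;
const WALLET_BRAND = /\bledger\b/i; // assumption: extend with brands you care about

function triageExtension(files) {
  const findings = [];
  let name = "";
  try {
    name = String(JSON.parse(files["manifest.json"] || "{}").name || "");
  } catch (_) {
    findings.push({ file: "manifest.json", rule: "unparseable-manifest" });
  }
  if (WALLET_BRAND.test(name)) {
    findings.push({ file: "manifest.json", rule: "wallet-brand-in-name" });
  }
  for (const [file, text] of Object.entries(files)) {
    if (file === "manifest.json") continue;
    if (SEED_PROMPT.test(text)) findings.push({ file, rule: "asks-for-seed-phrase" });
    if (FORM_ENDPOINT.test(text)) findings.push({ file, rule: "google-forms-endpoint" });
  }
  // Either signal alone is common in benign extensions; flag the combination.
  const rules = new Set(findings.map((f) => f.rule));
  const suspicious = rules.has("asks-for-seed-phrase") && rules.has("google-forms-endpoint");
  return { name, findings, suspicious };
}

// Constructed sample: wallet-branded extension that asks for the 24 words.
const fakeWallet = {
  "manifest.json": '{"name": "Ledger Live", "manifest_version": 2}',
  "popup.html": '<input placeholder="Enter your 24 word recovery phrase">',
  "popup.js": 'const ENDPOINT = "https://docs.google.com/forms/d/e/PLACEHOLDER/formResponse";',
};
// Constructed sample: benign helper that only mentions Google Forms.
const formHelper = {
  "manifest.json": '{"name": "Form Helper", "manifest_version": 2}',
  "content.js": 'if (location.href.includes("docs.google.com/forms/")) { /* autofill */ }',
};

console.log(triageExtension(fakeWallet));
console.log(triageExtension(formHelper));
```

A hit here is a reason to pull the extension for manual review, not proof of malice; an obfuscated or remotely loaded script would not match these patterns.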
Source: Cryptopress.