Cryptocurrency wallet provider Ledger is dealing with the fallout from a security breach, with the company’s customers losing their funds to a barrage of phishing attacks. Earlier this week, cybercriminals managed to drain about 1.15 million XRP tokens (about $285,000) from users.
Hundreds of Thousands Lost to Phishing Attack
According to a report from XRP Forensics, the scam came in the form of a phishing attack, with victims getting emails that directed them to a fake version of the Ledger website. The hackers were obviously sophisticated, as they substituted a homoglyph in the URL to fake the letter “e” in “Ledger.”
This phishing scam (notice the fake domain lẹdger.com), has already stolen more than 1,150,000 XRP from @Ledger users. Please watch out!
We will follow the money. pic.twitter.com/Q8XD2awdo7
— XRP Forensics (@xrpforensics) November 2, 2020
On the fake site, victims were tricked into downloading malware that posed as a security update. Once installed, the malware drained the funds from their wallets. It’s unclear whether the scam has been shut down, although the hackers have still managed to make off with a pretty penny.
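The lookalike domain in the tweet above works because “ẹ” (Latin small letter e with dot below) renders almost identically to “e” while being a different code point. A defender triaging phishing mail or proxy logs can catch this class of domain by folding it to its base letters and comparing against the brands it protects. The following is an added example, not code from the article or from Ledger or XRP Forensics; the protected-domain list and the small confusables table are constructed for illustration.

```python
import unicodedata

# Constructed: the brand domains this check protects (the article mentions only Ledger).
PROTECTED_DOMAINS = {"ledger.com"}

# Constructed, deliberately partial: cross-script lookalikes that NFKD will not fold,
# e.g. Cyrillic letters that render like Latin ones. A production check would use the
# full Unicode confusables data.
CONFUSABLES = {
    "\u0430": "a",  # Cyrillic small a
    "\u0435": "e",  # Cyrillic small ie
    "\u043e": "o",  # Cyrillic small o
    "\u0440": "p",  # Cyrillic small er
    "\u0441": "c",  # Cyrillic small es
}


def to_punycode(domain: str) -> str:
    """Return the ASCII (xn--) form that a resolver or mail client actually uses."""
    return domain.encode("idna").decode("ascii")


def skeleton(domain: str) -> str:
    """Fold a domain to the base letters a human perceives.

    Lowercase, decompose with NFKD so diacritics become separate combining marks,
    drop those marks, then map known cross-script confusables to their Latin twins.
    """
    decomposed = unicodedata.normalize("NFKD", domain.lower())
    base = "".join(ch for ch in decomposed if not unicodedata.combining(ch))
    return "".join(CONFUSABLES.get(ch, ch) for ch in base)


def analyse_domain(domain: str) -> dict:
    """Describe a domain the way an analyst would want to see it in an alert."""
    folded = skeleton(domain)
    non_ascii = [ch for ch in domain if ord(ch) > 127]
    # A domain impersonates a brand when it is NOT the brand's exact domain but
    # folds to it once visual tricks are removed.
    impersonates = folded if (folded in PROTECTED_DOMAINS and folded != domain.lower()) else None
    return {
        "domain": domain,
        "punycode": to_punycode(domain),
        "skeleton": folded,
        "non_ascii_chars": [
            f"U+{ord(ch):04X} {unicodedata.name(ch, 'UNKNOWN')}" for ch in non_ascii
        ],
        "impersonates": impersonates,
    }


if __name__ == "__main__":
    # The domain quoted in the XRP Forensics tweet, plus a constructed Cyrillic variant.
    for sample in ("ledger.com", "lẹdger.com", "l\u0435dger.com"):
        print(analyse_domain(sample))
```

The check deliberately compares the folded skeleton, not the raw string, because the phisher controls which of the many visually similar code points gets registered; the punycode form is included so an analyst can block or search for the exact label the registry holds rather than the glyphs it displays. Note that Python’s built-in `idna` codec implements IDNA 2003 and browsers follow UTS #46, so for a few characters the `xn--` label they produce can differ.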
XRP fraud detection site xplorer reported that the hackers sent their XRP loot to a Bittrex account in five transactions. Bittrex was unable to seize the funds in time, as the hackers now appear to have liquidated them.
Another XRP-focused Twitter account reported on a different phishing scam. In this case, an email that looks like it came from the Ripple team appeals to Ledger users using a token giveaway to a whitelisted address.
The scam claims to be running a “Community Support Program,” with interested participants having to send their Ledger seed phrases or private keys to the hackers. It’s unclear how much these hackers have managed to siphon off from investors, although there’s a slim chance that they’ll be getting much money.
Issues Lingering Despite Security Upgrade
The phishing scams are fallout from a security breach that Ledger suffered earlier this year. At the end of July, the company sent an email to its customers, explaining that it had suffered a data breach weeks earlier. Ledger had been notified by a researcher participating in a bounty program, and further investigation found that the hackers had been stealing the company’s data since at least June.
The hackers reportedly used an API key to access the firm’s ecommerce and marketing database, which they used to send promotional emails. Ledger confirmed that the breach affected almost a million users, adding that a subset of about 9,500 users got their details – including postal addresses, full names, and phone numbers – leaked.
“Your payment information and crypto funds are safe […] Regarding your e-commerce data, no payment information, no credentials (passwords), were concerned by this data breach. It solely affected our customers’ contact details,” the company said, adding that it was monitoring online marketplaces to find evidence of the data being sold.
The company has made adjustments since then. In October, Friedman LLP, a New York-based accounting firm, told Cointelegraph that it had run a successful System and Organization Controls (SOC) Type 1 test on the company’s internal security controls. However, this doesn’t put the company out of the woods yet. With over $250,000 in funds lost to these scams, it’s only a question of when the next attack will be.