If you have a Google Chrome extension named ‘Ledger Secure’ installed, remove it immediately. Ledger’s support account has confirmed that it is not a Ledger product, and reports indicate that the extension is malware that harvests the seed phrase of Ledger hardware wallet users and has already been used to steal crypto.
Early Thursday morning, a software architect who goes by the username WizardofAus (@BTCSchellingPt) tweeted a warning that the extension was not a legitimate Ledger extension but was, in fact, a malicious piece of crypto-stealing malware.
☠️ Malware Chrome extension alert ☠️
If you have "Ledger Secure" installed – REMOVE IT.
The @ChromeExtension "Ledger Secure" contains malware that passes your seed phrase back to the extension's author.
This is *not* a @Ledger product.
Successfully used against @hackedzec
— WizardofAus ⚡ (@BTCSchellingPt) January 2, 2020
According to WizardofAus, the malware has already claimed at least one victim, allegedly stealing 600 ZEC – roughly US$16,000 – from Twitter user @hackedzec.
After installing the Ledger Secure extension and losing his ZEC, @hackedzec said he had found code on his computer that led him to conclude he had been phished, along with a “random file” that he was able to trace to a Twitter account promoting the extension.
Well – I don't remember doing this, but I found code on my computer that makes me 99% sure I was phished. "https://t.co/40A7EL2d0G.sync.set({wallet: num}". Maybe still trackable coins, but I just wanted to give you all an update on what I expect happened.
— hackedzec (@hackedzec) January 2, 2020
Ledger’s official support Twitter account confirmed that the malware is not a legitimate Ledger application and is encouraging anyone who may have installed it to contact the company and report it to Google.
An expensive lesson learned
This incident serves to remind us to pay close attention to what we download and which websites we access.
To help ensure that the app or extension you are installing is legitimate, download it directly from the provider whenever possible. Bear in mind, too, that a hardware wallet’s seed phrase is meant to stay on the device: no legitimate Ledger app or browser extension needs you to type it into your computer, so any software that asks for it is a red flag.
If you see an app in a repository that isn’t on the provider’s website, don’t be shy about contacting them to ask if it is a legitimate app.
And if you’re using the same device to manage your crypto assets that you use for general online use, be extra diligent.
Better still, keep a separate machine, or at least a virtual machine, reserved solely for your crypto activities.
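A practical first check to go with the advice above, as an added example that is not code from the article or from Ledger: the script below walks a Chrome profile’s Extensions directory and flags extensions whose name borrows a wallet brand, that ask for access to every site, or whose scripts mention a recovery phrase alongside storage or network calls. The brand list, the keyword patterns and the two sample extensions it builds in a temporary directory are all constructed for this example; the “Ledger Secure” mock is loosely modelled on the storage call quoted in the victim’s tweet and is not the real extension’s code.

```python
"""Triage unpacked Chrome extensions for wallet-phishing red flags.

Added example for this article; heuristics and sample data are the
editor's assumptions, not Ledger's tooling or the real extension's code.
"""
import json
import os
import re
import tempfile

# Brands a seed-stealing extension might impersonate (assumed list).
WALLET_BRANDS = ("ledger", "trezor", "metamask", "keepkey")
# Strings suggesting the code handles a recovery phrase (assumed patterns).
SEED_RE = re.compile(r"seed\s*phrase|mnemonic|recovery\s*phrase|\b(12|24)\s*words?\b", re.I)
# Primitives that can park or ship captured data somewhere the author can read it.
EXFIL_RE = re.compile(r"chrome\.storage\.sync\.set|fetch\s*\(|XMLHttpRequest|navigator\.sendBeacon", re.I)
# Permission strings that grant access to every site.
BROAD_HOSTS = ("<all_urls>", "*://*/*", "http://*/*", "https://*/*")


def scan_extension(version_dir):
    """Return {'path', 'name', 'flags'} for one unpacked extension version."""
    with open(os.path.join(version_dir, "manifest.json"), encoding="utf-8") as fh:
        manifest = json.load(fh)
    # Localised names appear as '__MSG_key__'; resolving them via _locales is skipped here.
    name = str(manifest.get("name", ""))
    flags = []
    if any(brand in name.lower() for brand in WALLET_BRANDS):
        flags.append("name impersonates a wallet brand")
    perms = list(manifest.get("permissions", [])) + list(manifest.get("host_permissions", []))
    if any(p in BROAD_HOSTS for p in perms):
        flags.append("requests access to all sites")
    seed = exfil = False
    for root, _dirs, files in os.walk(version_dir):
        for fn in files:
            if not fn.endswith((".js", ".html")):
                continue
            with open(os.path.join(root, fn), encoding="utf-8", errors="replace") as fh:
                src = fh.read()
            seed = seed or bool(SEED_RE.search(src))
            exfil = exfil or bool(EXFIL_RE.search(src))
    if seed:
        flags.append("code references a seed/recovery phrase")
    if seed and exfil:
        flags.append("seed handling sits next to storage/network calls")
    return {"path": version_dir, "name": name, "flags": flags}


def scan_profile(profile_dir):
    """Scan every <profile>/Extensions/<id>/<version>/ that carries a manifest."""
    results = []
    ext_root = os.path.join(profile_dir, "Extensions")
    for ext_id in sorted(os.listdir(ext_root)):
        id_dir = os.path.join(ext_root, ext_id)
        if not os.path.isdir(id_dir):
            continue
        for version in sorted(os.listdir(id_dir)):
            vdir = os.path.join(id_dir, version)
            if os.path.isfile(os.path.join(vdir, "manifest.json")):
                results.append(scan_extension(vdir))
    return results


def build_sample_profile():
    """Create a throwaway profile holding one benign and one suspicious extension.

    Both extensions are constructed for this example. The 'Ledger Secure' one is
    a mock loosely modelled on the storage call quoted in the victim's tweet.
    """
    profile = tempfile.mkdtemp(prefix="chrome-profile-")

    def write_ext(ext_id, manifest, js):
        vdir = os.path.join(profile, "Extensions", ext_id, "1.0_0")
        os.makedirs(vdir)
        with open(os.path.join(vdir, "manifest.json"), "w", encoding="utf-8") as fh:
            json.dump(manifest, fh)
        with open(os.path.join(vdir, "background.js"), "w", encoding="utf-8") as fh:
            fh.write(js)

    write_ext("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
              {"manifest_version": 2, "name": "Tab Counter", "version": "1.0",
               "permissions": ["tabs"]},
              "chrome.tabs.query({}, tabs => console.log(tabs.length));\n")
    write_ext("bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb",
              {"manifest_version": 2, "name": "Ledger Secure", "version": "1.0",
               "permissions": ["storage", "<all_urls>"]},
              "// mock: prompts for the recovery phrase and parks it in synced storage\n"
              "const phrase = prompt('Enter your 24 word recovery phrase');\n"
              "chrome.storage.sync.set({wallet: phrase});\n")
    return profile


if __name__ == "__main__":
    for result in scan_profile(build_sample_profile()):
        print(result["name"], "->", result["flags"] or ["no red flags"])
```

Against a real install, call scan_profile with the profile path (for example ~/.config/google-chrome/Default on Linux). Treat hits as leads for manual review rather than verdicts: a genuine wallet extension will also mention recovery phrases, so the flag worth acting on is the combination of a borrowed brand name, broad site access and seed handling next to a call that stores or sends data.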
Hackers fancy crypto wallets
This is not the first time that hackers have targeted crypto wallet users. Only last October, hackers used Russian malware to launch a widespread botnet attack on cryptocurrency wallets.
Part of the reason wallets are so often targeted is the availability of cheap tools that make such attacks easy to mount.
Cybersecurity firm Prevailion recently wrote about a massive ongoing cyber-crime campaign called the MasterMana Botnet, which targeted, among other things, cryptocurrency wallets.
The software used by the hackers in these attacks sells for as little as $100 online.
And just last month, Micky reported on a botnet that would be capable of bringing down the Bitcoin Lightning Network for around $400.
An update on the stolen ZEC
Less than an hour ago, the victim of the Ledger Secure malware posted an update on Twitter claiming to have tracked down 300 of the 600 stolen ZEC.
Stolen ZEC, please help: 300 of the 600 moved to exchanges.
Coins appear to move to an exchange.
200 coins on this exchange wallet https://t.co/rNYwtIC3g6
100 coins moved to this exchange: https://t.co/2Pdffidqr3
— hackedzec (@hackedzec) January 2, 2020
According to @hackedzec, the stolen coins were transferred to two separate exchange wallets. There is no word yet on which exchanges received the coins or whether the victim has been in contact with them.