1.1m XRP stolen in phishing scam on crypto wallet Ledger lookalike
Crypto scams and attacks are on the rise once again as the broader sector breaks out of a nearly three-year-long bear market.
The process is usually as follows: Scammers target sites like YouTube, Twitter, and Google searches to trap unsuspecting users and create either fake advertisements — such as alluring giveaways — or even create a fake website using domains similar to the original — using “0” instead of “o” or a sneaky misspelling.
XRP gone
Such an attack vector last week saw millions of XRP stolen from a fake Ledger site, with the attackers using a fake domain name and successfully swindling funds.
This phishing scam (notice the fake domain lẹdger.com), has already stolen more than 1,150,000 XRP from @Ledger users. Please watch out!
We will follow the money. pic.twitter.com/Q8XD2awdo7
— XRP Forensics (@xrpforensics) November 2, 2020
The 1.1 million XRP — stolen from different users — is currently worth over $280,000, as per CryptoSlate data. As per XRP Forensics, the attackers sent the funds to Bittrex, a crypto exchange, which was “unable to seize” or flag the addresses and allowed the attackers to actualize the loot.
Bittrex did not respond to questions from CryptoSlate about the stolen funds at press time.
Expert weighs in
Dmytro Volkov, CTO of the international cryptocurrency exchange CEX.IO, told CryptoSlate that such hacking attacks against crypto wallets are usually focused on the most vulnerable parts – user devices and the user themselves.
“It is relatively easy to hack end-user devices or to “hack” (read trick) humans by using social engineering. Direct hacking and cracking of wallets are rare because of high information security standards and complex cryptography used in wallets,” he said.
A hack by “social engineering” was infamously seen in July’s outrage at microblogging site Twitter, which saw a 17-year-old teen from Florida target 25 high-profile political and celebrity accounts and initiate a crypto scam.
There are no reliable methods to protect from social engineering, however, there are certain widespread social engineering signs one should be familiar with. Any such signs should alert your attention and demand additional checks.
We also see an uptick in reports of stolen XRP as a result of this scam. Stay alert! ? https://t.co/azd674Hesj
— XRP Forensics (@xrpforensics) November 5, 2020
Meanwhile, Volkov suggested users check website URLs and HTTPS (SSL) certificates prior to engaging with any crypto platform — despite any visual similarities. This method — the one used by the fake Ledger website involving the stolen XRP — sees a hacker create a site similar to the real website and eventually receive a user’s password or one-time confirmation code, following which the credentials are changed and all assets (usually) transferred out.
Crypto hacks continue to rise despite a favorable year
As per an earlier CryptoSlate report, crypto attacks have marginally fallen this year, as education of additional security measures and awareness about attack vectors has been instilled among the users. Still, as the sector continues to grow and attract newer users, attackers seemingly find newer ways to bait users.
That said, another earlier report suggested exchanges and wallets remain the biggest pain point for the crypto sector with over $4 billion stolen via the two user fronts (and other hacks) in 2019 alone.