- Jul 27, 2015
- 5,459
Cryptocurrency security company Ledger has warned users about a rogue Chrome extension that dupes its victims into giving up the keys to their crypto wallets.
Cryptocurrency owners need a wallet just like users of regular cash do. Instead of cash, however, crypto wallets hold digital keys – which grant users access to the blockchain addresses to unlock their funds. Some people write those addresses down on a piece of paper, while others might store them in a file on their computer or in a software application that doubles as a wallet. A hardware wallet is a device dedicated to storing the addresses, and they are built to be as difficult to hack as possible.
This week, it emerged that a rogue developer published what they said was a Chrome extension version of Ledger Live on the Chrome store. The extension claimed to let Ledger owners use their hardware wallets to access Ledger Live’s functionality directly within Google’s Chrome browser. All they had to do was enter their Ledger wallet’s seed phrase – a string of 24 words that is the only way to recover their private keys if their wallet is damaged or lost. The Chrome extension was a scam that copied the seed phrase to a Google form. The author could use it to access all the victim’s private keys and take control of their crypto assets using another Ledger wallet.
Naked Security – Sophos News
nakedsecurity.sophos.com