Fake Chrome Extension ‘Ledger Live’ Steals Users’ Crypto Wallet Recovery Phrases
The Ledger support team came forward on 5th March on Twitter warning users to secure their hardware wallets as a Ledger Chrome extension app is phishing data from the users. The announcement comes on the back of constant pressure by the community, who have been speaking out against the scam extension since early this year.
A fake Chrome extension has been found, asking to enter your 24 word recover phrase
⚠️NEVER share your 24 words
⚠️NEVER enter your 24 words into any internet-connected device
⚠️Ledger will NEVER ask for your 24 words
— Ledger Support (@Ledger_Support) March 5, 2020
In this article we will touch on the “Ledger Secure” extension and how it steals unknowing users “24-key passphrases”. Moreover, we will discuss various ways users can secure their wallets from phishing attempts.
‘Ledger Secure’ is a scam phishing extension
In early January of this year, a number of cryptocurrency users noted that a famed Ledger hardware wallet, ‘Ledger Secure’ was asking users to enter their 24-key passphrases on their app as they logged in.
In January, a Ledger Secure user complained on Twitter that he had lost over $16,000 USD worth of ZCash (ZEC) in a malicious attack on the extension.
With the increasing cases of phishing attempts and hacks across the crypto industry here is some advice on how to keep your hardware wallet secure. First of all, do not share your password, private key or the passphrases as they could be used to access your wallet and steal your coins.
Furthermore, store your passphrase on an offline device or write it down carefully – checking the spellings and capitalization. Finally, keep copies of the passphrases in several locations only known to you.