Phishing scams targeting crypto users seem to be far from over as per an update by XRP Forensics, which says close to 1,150,000 XRP tokens have been stolen in a new scam. This particular one targeted Ledger wallet users and went to the length of sending security update emails to unsuspecting XRP token holders.
We also see an uptick in reports of stolen XRP as a result of this scam. Stay alert! 🚨 https://t.co/azd674Hesj
— XRP Forensics (@xrpforensics) November 5, 2020
According to the update by XRP Forensics on Nov 5, there has been an uptick in XRP stolen reports, most of which it attributes to this scam. The team which handles analytics on the XRPlorer has since urged the community to stay alert to minimize the attackers’ opportunity window,
“We also see an uptick in reports of stolen XRP as a result of this scam. Stay alert!”
Like in the old phishing scam tricks, the attackers have made a substitute homoglyph of the letter ‘e,’ making the Ledger website wallet appear real on the first interaction. Victims were forced into downloading an update while, in the real sense, the attackers were directing them to the fake website to drain XRP balances in their Ledger wallets.
Despite recent collaborative efforts to stop such attacks, the hackers managed to withdraw all the compromised tokens by sending them to the Bittrex exchange in five transactions. At the time, the exchange could not seize the funds, resulting in the loss of around 1,150,000 XRP tokens from Ledger wallet users. At the time of publishing, that is worth about $297k.
Notably, the hardware wallet provider had fallen victim to a data breach back in July, where the data of around 9,500 clients was compromised. While they acted fast to patch the vulnerability, Ledger had already been exposed to a considerable amount of damage. The hackers now seem to be getting ahead of the game with a combination of phishing scams accompanied by legit-looking emails.
In this case, the attackers circulated an email that resembles official communication from the Ripple team. This information hinted at a community support program and incentive program as part of a financial recovery strategy and over 5 billion XRP tokens up for grabs. However, the catch is that the attackers require users’ wallet addresses and private keys to be registered.
Note: Don’t ever give up your private keys. They are called Private keys for a reason.
XRP has had its fair share of phishing scams, with roughly 6 million XRP being lost in 2019 while this year’s figure stands at 3 million. The firm has attempted to counter this challenge and recently filed a lawsuit against YouTube for not taking action against malicious actors impersonating Ripple CEO Brad Garlinghouse. Going by these stats, XRP tokens appear to be a favorite gem for phishing scammers.