- The scam involved the use of a fake homoglyph-containing URL.
- The scammers transferred the stolen funds to Bittrex through five transactions.
- Binance users once fell victim to a scam that used a homoglyph-containing URL.
Ledger wallet owners have fell victim to a scheme that defrauded them out of 1,150,000 XRP. A community-run fraud awareness group xrplorer unveiled this news on November 2, noting that the scam leveraged a phishing email that instructed users to use a fake version of the Ledger website, which contained a homoglyph in the URL. In this case, the scammers used a letter that resembling ‘e’. After accessing the fake website, victims were deceived into downloading malware, which posed as a security update. Upon installation, the malware drained the users’ wallets of all their coins.
Xrplorer’s tweet read,
Are you looking for fast-news, hot-tips and market analysis? Sign-up for the Invezz newsletter, today.
“This phishing scam (notice the fake domain lẹdger\.com), has already stolen more than 1,150,000 XRP from @Ledger users. Please watch out! We will follow the money.”
The group added that the hackers behind this scam sent the stolen funds in five different transactions to Bittrex exchange. Xrplorer went on to disclose that the exchange was unable to seize the coins on time.
A similar ongoing scheme
Purportedly, there is another similar phishing email targeting Ledger users. The scheme uses an email that appears to have been sent from the official account for TeamRipple. Allegedly, the scheme entices Ledger wallet owners by promising to offer a giveaway to whitelisted addresses as part of a Community Support Program. However, unlike other giveaways, the registration process requires the users to hand over their Ledger seed phrase or crypto private key to qualify for the non-existent program.
This news comes after Ledger recently confirmed that it fell victim to a data breach that compromised approximately 500,000 email addresses. The hack also leaked the personal details of a subset of 9,500 customers. While Ledger quickly fixed the vulnerability that led to the attack, it was too late as the data had already leaked. Since then, hackers have been coming up with ingenious means to use the leaked data to dupe Ledger users.
The use of homoglyph-containing URLs is not new in the crypto space
Reportedly, this is not the first time for scammers to use URLs containing homoglyphs to phish credentials. This year has seen several scams leveraging this trick to target XRP holders, with the first one dating as far back as January. Apart from this, fraudsters set up a fake Binance site, which even comprised an SSL certificate in 2018. However, keen users noticed that the scammers had replaced the ‘n’ with another version that had an underdot ‘ṇ’.