Ledger user and software architect “Wizard Of Aus” denounced a supposedly “official” extension for Ledger. The malicious Chrome extension stole USD $16,000.
The Twitter account @BTCSchellingPt, belonging to the Ledger user “Wizard of Aus”, reported a malicious Chrome extension. The software architect warned cryptocurrency wallet holders about an “official” Chrome extension for Ledger wallets. According to him, the extension is malicious and stole USD $16,000 in ZEC (Zcash).
A tweet published on January 2 by the aforementioned user reports the complaint:
“Chrome malware extension alert!
If you have “Ledger Secure” installed, remove it.
The @ChromeExtension “Ledger Secure” contains malware that returns the seed phrase to the extension author.
This is not an official product of @Ledger. Used successfully against @hackedzec”
Ledger user reported malicious Chrome extension
The Twitter account “@hackedzec” was created in January 2020. Both how new the account is and the name chosen suggest that “Wizard of Aus” created it specifically to publicize what happened after his bad experience with malware in the form of a Chrome extension.
The official Twitter account of Ledger Support confirmed the detection of the malicious Chrome extension on January 2, using the headline “PHISHING ALERT”.
USD $16,000 in ZEC extracted
According to Wizard of Aus's account, 600 ZEC (Zcash), worth approximately USD $16,000, were stolen from @hackedzec's holdings on their Ledger Nano by the creator of the aforementioned Chrome extension.
Referring to the warnings against browser extension malware that Casa founder Jeremy Welch gave last year at the Bitcoin (BTC) Baltic HoneyBadger event in Riga, Wizard of Aus warned of the risks posed by these products:
“First, be very careful with the extensions you install. If you use the same computer for your cryptography that you usually use, be very diligent.”
In addition to the risks involved, Wizard of Aus also described what users can do to protect themselves from scams or theft involving these types of extensions:
“It is better to have a separate minimum machine, or use a virtual machine that is the only place where it performs cryptographic activity”
Further due diligence, according to Wizard of Aus, includes using only the wallet provider's own software, in this case Ledger's, and verifying that it really comes from the provider’s website through a secure link.
Users can also verify the checksum of the downloaded file before running the software. A checksum, also known as a hash, is a hexadecimal value that the author computes from the installer .exe file and publishes. The checksum of the downloaded file, assuming it has not been manipulated by a third party, must match the checksum on the provider’s site.
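One way to perform the checksum comparison described above, as an added example that is not from the original article or from Ledger. It assumes SHA-256 and a published manifest in `sha256sum` format; the file name `wallet-setup.exe` and the sample bytes are constructed for the demonstration.

```python
import hashlib
import hmac
import os
import tempfile


def file_digest(path, algorithm="sha256", chunk_size=1 << 20):
    """Hash the file in chunks so a large installer never has to fit in memory."""
    h = hashlib.new(algorithm)  # SHA-256 is an assumption; use what the provider publishes
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def expected_digest(manifest_text, filename):
    """Look up filename in a sha256sum-style manifest ("<hex>  <name>" per line)."""
    for line in manifest_text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2:
            continue  # skip blank or malformed lines
        digest, name = parts
        if name.lstrip("*") == filename:  # "*" marks binary mode in sha256sum output
            return digest.lower()         # publishers sometimes print upper-case hex
    raise KeyError(f"{filename} is not listed in the manifest")


def verify_download(path, manifest_text, algorithm="sha256"):
    """Return True only if the file's digest equals the published one."""
    want = expected_digest(manifest_text, os.path.basename(path))
    got = file_digest(path, algorithm)
    return hmac.compare_digest(got, want)


def demo():
    # Constructed sample: a stand-in "installer" and the manifest a publisher would post.
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "wallet-setup.exe")  # hypothetical file name
        with open(path, "wb") as f:
            f.write(b"constructed installer bytes")
        manifest = f"{file_digest(path).upper()}  *wallet-setup.exe\n"
        ok_before = verify_download(path, manifest)
        with open(path, "ab") as f:  # simulate modification by a third party
            f.write(b"\x00")
        ok_after = verify_download(path, manifest)
        return ok_before, ok_after


if __name__ == "__main__":
    print(demo())
```

The comparison is only meaningful when the manifest itself is obtained from the provider's site over a secure link, separately from the file being checked.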