Posted on Leave a comment

Beware phishing scam that targets wallet users

Customers of Ledger, the hardware cryptocurrency wallet, are being targeted by a phishing attack posing as an email from Ledger support. Even we at Bitstore Malaysia also getting this attempt on daily basis.

The fake email ostensibly informs users their Ledger assets may be compromised or Your Hardware Wallet has been disabled as head subject. It states, “We‘re sorry to inform you that due to the new KYC (Know Your Customer) regulations, you‘re required verify your identity:.” This claim is false; while the email form looks professional, it is a phishing attempt to steal customers data. 

Based on analyst from our threat intelligence team, the email contain a link that will phish user to giving their recovery phrase on the cloud document provided or a link to download fake Ledger Live application.

Security best practices

  • Reminder: Anyone with access to your 24-word recovery phrase can take your assets.
  • Never enter your 24-word recovery phrase anywhere else than on your Ledger device.
  • Ledger will never ask you for your 24-word recovery phrase.
  • Only use official contact form at

The email is so convincing that even wary users might be fooled. Ledger confirmed that, for the last week, a phishing attack has been targeting Ledger cryptocurrency wallet customers. 

Ledger phishing email

In a statement, a Ledger spokesperson said an internal task force has been deployed to investigate the latest phishing attack. 

“The investigation is ongoing and at this time we cannot give any additional information but one thing is for certain: Ledger will never ask you for your 24-word recovery phrase, which is a blatant sign of a phishing scam,” said the spokesperson. “Ledger encourages customers to exercise caution as phishing attacks become more sophisticated and to alert Ledger’s customer support team and consult for more information on the detection of scams.”

Phishing attacks are common and attackers are increasingly sophisticated, creating emails that resemble official company correspondence. They rely on a person making a mistake and clicking on a link that could compromise his or her security. 

Pro tip: Bookmark verified sites where you normally would input sensitive information and only access them through that bookmarked link.

Posted on 1 Comment

Beware Malicious Google Chrome Extensions That Hijacking Cryptocurrency Wallets

Google has ousted 49 Chrome browser extensions from its Web Store that mimicked as cryptocurrency wallets but contained malicious code to siphon off sensitive information and empty the digital currencies.

The long list sum 49 browser add-ons including Ledger wallet, potentially the work of Russian based cybercriminals, were identified (find the list here) by researchers from MyCrypto and PhishFort.

“Essentially, the extensions are phishing for secrets — mnemonic phrases, private keys, and keystore files,” explained Harry Denley, director of security at MyCrypto. “Once the user has entered them, the extension sends an HTTP POST request to its backend, where the bad actors receive the secrets and empty the accounts.” Additionally all of the extensions have the same functionality but their branding changes based on who they are targeting.

Moreover, an analysis suggests Ledger is the most targeted brand — without speculating, it’s hard to say why.

  • Ledger — 57% of malicious browser extensions in dataset
  • MyEtherWallet — 22% of malicious browser extensions in dataset
  • Trezor — 8% of malicious browser extensions in dataset
  • Electrum — 4% of malicious browser extensions in dataset
  • KeepKey — 4% of malicious browser extensions in dataset
  • Jaxx — 2% of malicious browser extensions in dataset
For instance, MEW CX, the malicious add-on targeting MyEtherWallet, was found capturing the seed phrases and transmitting them to an attacker-controlled server with an intention to drain the victim’s wallet of digital funds.

Some of the extensions, Denley said, came with fake five-star reviews, thus increasing the chances that an unsuspecting user might download it.

Data stealing extensions have been a regular occurrence on the Chrome Web Store, leading Google to purge them as soon as they’re discovered. Back in February, the company removed 500 malicious extensions after they were caught serving adware and sending users’ browsing activity to C2 servers under the control of attackers.

If you suspect you have become a victim of a malicious browser extension and lost funds, it’s recommended you file a report at CryptoScamDB.

For Ledger user please bear in mind that only download Ledger Live application through their official site here.