Malicious Chrome Extension Stole Ledger Wallet Data

A security specialist from MyCrypto discovered a malicious Chrome extension called Ledger Live that was being actively advertised on Google. This extension disguised itself as the legitimate Ledger Live tool, which is intended for users of Ledger hardware wallets on both mobile and desktop devices.

The scammers worked hard to make the fake extension appear to be the official version of Ledger Live for Chrome, claiming it allowed users to perform the same operations through their browser, such as checking balances and confirming transactions. However, instead of providing these features, the fake extension prompted users to install it and synchronize their Ledger wallet by entering their wallet’s seed phrase.

The seed phrase is a string of 24 words used to transfer wallet data between devices and as a recovery system in case the user loses or wants to change their device. Essentially, the fraudulent extension did nothing more than display a pop-up window requesting the seed phrase, which it then collected and sent to the scammers using a Google Form.

With the stolen seed phrases, the scammers could use their own Ledger wallet to “recover” other users’ wallets, gaining access to their accounts and stealing funds. Since Ledger hardware wallets support more than 20 different cryptocurrencies, a hacker who manages to steal a seed phrase could potentially access significant amounts of money.

At the time of discovery, the extension was still available in the official Chrome Web Store and had over 120 installations. Additionally, according to the researcher, the extension was being actively promoted through Google Ads using keywords like “Ledger Live.”
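The behaviour described above, a pop-up asking for the seed phrase whose contents are submitted through a Google Form, leaves two static indicators in an extension's files. As an added example (not part of the original article or the researcher's tooling), this Python function triages an unpacked extension for both; the URL patterns, function name, verdict labels and sample files are assumptions constructed for illustration.

```python
import re

# Google Forms hosts. The article only says "a Google Form"; the URL shapes
# matched here are an assumption of this example.
FORM_URL = re.compile(
    r"https?://(?:docs\.google\.com/forms/|forms\.gle/)[^\s\"'<>)]*", re.I)
# UI wording that asks the user for wallet recovery material.
SEED_TEXT = re.compile(
    r"\b(?:seed|recovery|mnemonic|backup)[\s_-]*(?:phrase|words?)\b"
    r"|\b24[\s-]*words?\b", re.I)


def triage_extension(files):
    """files maps relative path -> text content of an unpacked extension.
    Returns the matched indicators plus a verdict: high, review or low."""
    result = {"form_urls": [], "seed_prompts": []}
    for path, text in sorted(files.items()):
        result["form_urls"] += [(path, m.group(0)) for m in FORM_URL.finditer(text)]
        result["seed_prompts"] += [(path, m.group(0)) for m in SEED_TEXT.finditer(text)]
    # The pattern in the article needs both a seed-phrase prompt and a form sink.
    if result["form_urls"] and result["seed_prompts"]:
        result["verdict"] = "high"
    elif result["seed_prompts"]:
        result["verdict"] = "review"  # no wallet extension should ask for this
    else:
        result["verdict"] = "low"
    return result


# Constructed sample files (not taken from the real extension).
SAMPLE_SUSPECT = {
    "manifest.json": '{"name": "Wallet Companion (constructed)", "manifest_version": 3}',
    "popup.html": "<label>Enter your 24-word recovery phrase to synchronize</label>"
                  '<textarea name="words"></textarea>',
    "popup.js": 'const SINK = "https://docs.google.com/forms/d/e/PLACEHOLDER_FORM_ID/formResponse";',
}
SAMPLE_BENIGN = {
    "manifest.json": '{"name": "Tab Counter (constructed)", "manifest_version": 3}',
    "popup.js": 'document.title = "tabs";',
}

if __name__ == "__main__":
    for name, sample in (("suspect", SAMPLE_SUSPECT), ("benign", SAMPLE_BENIGN)):
        print(name, triage_extension(sample))
```

A "review" verdict on its own is still worth following up, since a hardware wallet's seed phrase is only ever meant to be entered on the device itself.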
