Major cryptocurrency hardware wallet supplier Ledger has warned its users about some other phishing attack trying to steal their crypto — this one using a Google Chrome extension.

In a March 5 tweet, the French crypto company specified that there is a false extension on Google Chrome browser that attempts to steal users' crypto past asking them to enter their 24-word recovery phrase to admission their wallet.

Ledger Live gets removed from the Chrome Web Shop

The phishing attack was reported past Catalin Cimpanu, a cybersecurity reporter at business organisation engineering science news website ZDNet on March 4. According to Cimpanu, the malicious Chrome extension was first discovered past Harry Denley, managing director of security at blockchain interface platform MyCrypto.

According to the report, the fake Chrome extension is chosen Ledger Alive. It tries to mimic the existent mobile and desktop application Ledger Alive that allows Ledger wallet users to approve transactions past syncing their hardware wallet with a trusted device. Every bit of press fourth dimension, the fake Ledger Live extension had manifestly been removed from the Chrome Web Store. According to the study, the phishing extension was downloaded at to the lowest degree 120 times earlier information technology was taken downwards.

Fake extension was advertised by Google Ads

As reported by ZDNet, the malicious extension was trying to mislead users into thinking that it represented the Chrome version of the original Ledger Live app, which would permit them to check balances and approve transactions via Chrome. Users were apparently offered to install the extension and connect their Ledger wallet to it by inbound the wallet's seed phrase — a backup phrase or word seed used to get access to their wallets.

MyCrypto exec Denley, who first uncovered the phishing attack, reportedly ridiculed the malicious extension past challenge that it makes no sense to install and use such an extension with a hardware wallet that is meant to protect funds by storing cryptocurrency offline.

Withal, Denley nevertheless admitted that he would non be surprised if the simulated extension has tricked people, calculation that it's a "big problem in the cryptocurrency area, to teach people their individual keys/mnemonics should stay offline." The malicious extension could apparently have misled some users, taking into business relationship the fact that it was advertised past Google'southward online advertizement platform Google Ads, as reported by Denley.

Source: Twitter

Source: Twitter

In the warning announcement, Ledger emphasized that the platform would never ask its users for their recovery phrase, urging that to never share the 24-word seed phrase or enter it into whatever device connected to the Internet. This is, however, not the get-go time that Ledger users encountered a faux Chrome extension. As reported past Cointelegraph in early Jan, another malicious Chrome extension stole about $xvi,000 in privacy-focused cryptocurrency Zcash (ZEC).