Hackers have stolen more than 1.15 million XRP tokens from a large number of Ledger users as a result of a phishing attack.
How the hackers stole XRP from Ledger users
According to the researchers, the entire amount was sent in five payments to the address of the Bittrex exchange. The platform did not manage to block transactions in time.
Additionally, XRP owners were warned of a fraudulent distribution on behalf of Team Ripple with an offer to participate in the XRP distribution. Attackers offer users to join a “white list”, registration which requires entering a seed phrase from a Ledger wallet or a private key.
Recall that at the end of October, Ledger users began to receive phishing emails, in which unknown persons, on behalf of the support service, reported about an alleged infection of Ledger Live with malware and offered to install an emergency update.
The victims linked the attack to the July leak of personal information of about a million users from the marketing database. However, the developers of the wallet said they have not yet been able to confirm this assumption.
In early November, hackers transferred 107 BTC received as a result of the attack to two addresses.
How to avoid a phishing attack
Phishing refers to the practice when somebody tries to make you believe that they are a legitimate and trusted company by having you visit a fake website. Usually, this type of hackers reaches out to you via email or through a fake web ad. You might end up going to their website and either infect your device with malware or lose your Bitcoins via a fake sale.
In this case, it is vital not to believe every email you receive. You might receive the email from a wallet or exchange you already use, but the hackers might copy the name and even the website address almost letter to letter.
Do not click on any hyperlinks or open any attachments before you make sure you are reading the email from the genuine company. Moreover, pay attention to the sender’s email, as this might give you an idea of whether it is a scam or not.
Thunk we missed something? Let us know in the comment section below.