Cryptocurrency hardware wallet manufacturer Ledger has issued a warning to users over a new phishing attack using an extension in Google Chrome.
According to a tweet, Ledger alerted users to a fraudulent Chrome extension which asks users to enter their 24-word recovery phrase. The tweet reminds Ledger clients to never share their recovery phrase or enter it in an internet-connected device.
The attack was first reported by Catalin Cimpanu, a cybersecurity reporter for business technology outlet ZDNet. The fraudulent Chrome extension, called Ledger Live, mimics the mobile and desktop application Ledger Live which allows clients to sync their hardware wallet with a secured device.
Once installed, users are asked to enter their 24-word seed phrase into the extension, which collects the data via a Google Form. Attackers can then use the recovery phrase to access a user’s Ledger wallet and “recover” the funds to a different account.
Harry Denley, Director of Security at MyCrypto said, “The extension makes no sense to install and use because it defeats the purpose of having a hardware wallet with your secrets offline.”
While the extension has been removed from the Google Chrome Web Store, the ZDNet report claims it was downloaded at least 120 times.