Phishing Scam Reportedly Steals Over 1.15 Million XRP From Ledger Wallet Owners
According to XRP Forensics, a massive phishing scam has stolen more than 1.15 million XRP from Ledger users using a fake domain resembling the official website. The Twitter account warned users to pay careful attention to the URL of the Ledger website before initiating an update.
A subsequent tweet explained the stolen XRP was sent in five payments to the cryptocurrency exchange Bittrex, which was unable to catch the funds in time to intervene.
The scam used a phishing email to direct users to the fake domain in order to update their wallets. Once there, victims were tricked into downloading malware which emptied their accounts.
A similar scam also involves the use of phishing emails which appear to originate from an official account for “Team Ripple.” The scam email asks users to whitelist their wallet addresses in order to participate in a fake “Incentive Plan” that will distribute over 5 billion XRP.
In a blog post published in July 2020, Ledger admitted to a major data breach that resulted in millions of email addresses and personal data of 9,500 customers being compromised.