The scam involved the use of a fake homoglyphic URL.
The scammers transferred the stolen funds to Bittrex through five transactions.
The users of Bittrex once fell victim to a scam using a homoglyphic URL.
Ledger wallet owners fell victim to a scheme in which they were scammed out of 1,150,000 XRP. Xrplorer, a community-run fraud awareness group, revealed this on November 2 and found that the scam used a phishing email instructing users to visit a fake version of the Ledger website whose URL contained a homoglyph. In this case, the scammers used a letter that resembles an “e”. After accessing the fake website, victims were tricked into downloading malware that masqueraded as a security update. Once installed, the malware emptied the users’ wallets of all their coins.
The tweet from Xrplorer read:
“This phishing scam (note the fake domain lẹdger.com) has already stolen more than 1,150,000 XRP from @Ledger users. Please be careful! We will follow the money.”
- XRP Forensics (@xrpforensics), November 2, 2020
The group added that the hackers behind the scam sent the stolen funds to the Bittrex exchange in five different transactions. Xrplorer also said that the exchange was unable to seize the coins in time.
A similar ongoing scheme
Allegedly, another similar phishing email is targeting Ledger users. The scheme uses an email that appears to have been sent from the official TeamRipple account. It allegedly lures Ledger wallet owners by promising a promotional gift to whitelisted addresses as part of a community support program. However, unlike other giveaways, the registration process requires users to submit their Ledger seed phrase or private cryptographic key to qualify for the non-existent program.
“New SCAM mail is back in [email protected] @Ripple @bgarlinghouse #XRPCommunity”
- Ryan (@whatxrpdid), November 5, 2020
This news comes after Ledger recently confirmed that it had been the victim of a data breach in which some 500,000 email addresses were compromised. The hack also leaked the personal data of a subset of 9,500 customers. While Ledger quickly fixed the vulnerability that led to the attack, it was too late because the data had already been leaked. Since then, hackers have tried to use the leaked data to deceive Ledger users by sophisticated means.
The use of homoglyphic URLs is not new in the crypto space.
According to reports, this is not the first time that fraudsters have used URLs containing homoglyphs to phish for credentials. This year, several scammers have used this trick to target XRP owners, with the first scam occurring as early as January. Apart from that, in 2018 fraudsters set up a fake Binance website that even had an SSL certificate. Observant users noticed, however, that the fraudsters had replaced the ‘n’ with a variant carrying a dot below, ‘ṇ’.
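A defender-side check for the two look-alike domains described in this article (the Ledger “ẹ” and the Binance “ṇ”), as an added example that is not part of the original report: it extracts a link's host, shows the punycode form that DNS actually resolves, and flags hosts that fold to a protected brand once diacritics are stripped. The `PROTECTED` watchlist, the function names and the sample URLs are constructed for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed watchlist: the two brands named in this article.
PROTECTED = {"ledger.com", "binance.com"}


def skeleton(host: str) -> str:
    """Fold look-alikes built from diacritics down to plain letters.

    NFKD splits U+1EB9 into 'e' + a combining dot below; dropping the
    combining marks leaves 'e'. Cross-script look-alikes (for example
    Cyrillic letters) do not decompose this way and need a confusables
    table; classify() still reports them as "non-ascii".
    """
    decomposed = unicodedata.normalize("NFKD", host)
    return "".join(c for c in decomposed if not unicodedata.combining(c))


def is_protected(host: str) -> bool:
    """True for a watchlist domain or any subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in PROTECTED)


def classify(url: str) -> tuple[str, str]:
    """Return (verdict, DNS form of the host) for a link found in a message."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    try:
        dns_form = host.encode("idna").decode("ascii")   # what DNS resolves
        shown = dns_form.encode("ascii").decode("idna")  # what the reader sees
    except UnicodeError:
        return "invalid", host
    if shown.isascii():
        return ("known" if is_protected(shown) else "unlisted"), dns_form
    if is_protected(skeleton(shown)):
        return "lookalike", dns_form  # non-ASCII host imitating a brand
    return "non-ascii", dns_form      # internationalized name, no brand match


if __name__ == "__main__":
    # Constructed sample links; \u1eb9 is "e with dot below", \u1e47 is "n with dot below".
    for link in ("https://www.ledger.com/",
                 "https://l\u1eb9dger.com/update",
                 "https://bi\u1e47ance.com/login",
                 "https://example.org/"):
        print(link, "->", classify(link))
```

A mail gateway or proxy can apply the same verdicts to the punycode spelling of a host as well, since `classify` decodes `xn--` labels before comparing.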