Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Phishing and scams targeting Ledger wallet owners are increasing, and one of the scam websites obtained more than 1,150,000 XRP from victims. This scam uses phishing emails to direct users to a fake Ledger website. On this fake website, the victim was tricked into downloading malware that pretended to be a security update, resulting in the theft of all Ledger wallet balances. According to the fraud identification website xrplorer operated by the community, the XRP obtained from the scam was sent to Bittrex through 5 deposits, but the exchange “cannot freeze XRP in time”. Attack method (per SlowMist): Phishing attack. Reported loss: 1,150,000 XRP.
- chain
- —
- protocol
- Ledger
- bug_class
- phishing
- date_occurred
- 2020-11-06
- loss_usd
- —
- source_id
- sm:ledger::2020-11-06