Malicious Ledger Live extension for Chrome steals Ledger wallet data

Malicious extension Ledger Live

Harry Denley, Director of Security in MyCrypto discovered the malicious Ledger Live extension for Chrome, which is actively advertised on Google and stealing Ledger wallet data.

It masks itself as a real Ledger Live tool intended for users of Ledger hardware wallets and their mobile or desktop devices.

“Extension has no browser permissions. It only has one purpose (to steal your seed phrases)”, – wrote Harry Denley on his Twitter account.

Ledger wallets are small hardware devices that can be used to store the private keys (passwords) needed to access cryptocurrency accounts. These wallets support multiple cryptocurrency formats and provide a way for users to store the private keys for all their cryptocurrency in one place, in an offline format, safe from web-based attacks and phishing attempts.[/box]

Fraudsters diligently maintained the illusion that the fake is the official version of Ledger Live for Chrome, which allows performing exactly the same operations through the browser (check balance, confirm transactions). However, instead, the fake suggested that users install the extension and synchronize with it with their Ledger by entering the seed phrase of the wallet.

A Seed phrase is a 24-word string that is used to move wallet data between devices, as a recovery system in case the user loses or wants to change the device.

“In essence, the fraudulent resolution did nothing more, just showed a pop-up window asking for a seed phrase, and using Google Form it collected and sent this data to its operators”, – said Harry Denley.

Then the scammers could use the stolen seed phrases with their own Ledger wallet and “restore” the wallets of other users (in order to gain access to their accounts and steal funds). Since Ledger hardware wallets can work with more than 20 different cryptocurrencies, a hacker who manages to steal a seed phrase can gain access to considerable sums of money.

Malicious extension Ledger Live
Fake Ledger Live Extension


Currently, the extension is still available in the official Chrome Web Store and has over 120 installations. In addition, according to the researcher, the extension is actively advertised through Google Ads for the keywords “Ledger Live”.

“What kind of shit again?”, you may ask? And you will be right! Only recently I wrote that Shitcoin Wallet for Google Chrome steals cryptocurrency passwords and keys.

By Vladimir Krasnogolovy

Vladimir is a technical specialist who loves giving qualified advices and tips on GridinSoft's products. He's available 24/7 to assist you in any question regarding internet security.

Leave a comment

Your email address will not be published. Required fields are marked *