Many crypto-currency holders use Ledger hardware wallets to store their bitcoin off the exchanges. This is actually the safer way to play it, except when you fall prey to a phishing campaign that lures you to a fake site to "update your firmware" and instead drains your wallet.
Unfortunately, even when using a hardware wallet, you still have to be on your guard against credential stuffing and phishing attacks.
Earlier in the year, Ledger suffered a data breach that exposed 1 million customer emails; for a subset of under 10,000 users, complete contact and address information was exposed as well. Whether the same perpetrators conducted that attack or the data simply circulated in the underground economy on the dark web makes little difference. Either way, Ledger users came under attack from phishers.
Most recently, many Ledger customers succumbed to a homoglyph attack: attackers register an IDN (Internationalized Domain Name) that visually looks like the domain ledger.com but is really something else entirely.
Example, using this IDN homoglyph attack generator tool, I created this lookalike string for ledger.com:
lеdger.com
Looks the same, doesn’t it? But it’s not: that first “e” is really from a foreign character set, and when you render it in the Punycode form that nameservers understand, it’s actually this:
xn--ldger-zwe.com
Recipients who were fooled by the fake domain, followed the link and installed the malware had their wallets drained to the tune of 1.1 million XRP, or about $250,000 USD.
Homoglyph attacks like this can be detected by our domPhisher detection system. When and if somebody registers a domain that is a homoglyph of your core brand, we’ll make sure you know about it.
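To make the lookalike-string and Punycode discussion above concrete, and to sketch the kind of check a brand-monitoring system performs, here is an added Python example. It is not part of the original post and is not domPhisher's code. Decoding the post's own Punycode (xn--ldger-zwe) shows that the substituted letter is the Cyrillic small letter ie (U+0435); the example builds the lookalike from that code point, converts between the Unicode and Punycode forms with Python's standard idna codec, and flags the domain as a homoglyph of ledger.com by folding a small, hand-picked confusables table (an assumption; a production system would load Unicode's full confusables list) and by noting that the label mixes Latin and Cyrillic scripts.

```python
import unicodedata

# Constructed sample: the post's lookalike string, written with an escape so
# the Cyrillic substitution (U+0435, CYRILLIC SMALL LETTER IE) is visible.
LOOKALIKE = "l\u0435dger.com"
BRAND = "ledger.com"

# Hand-picked confusables table (assumption: enough for this demo). Maps
# non-Latin glyphs to the Latin letter they resemble on screen.
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0443": "y",  # CYRILLIC SMALL LETTER U
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u03b1": "a",  # GREEK SMALL LETTER ALPHA
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
}


def to_punycode(domain: str) -> str:
    """Render a Unicode domain the way nameservers see it (xn-- A-label form)."""
    return domain.encode("idna").decode("ascii")


def from_punycode(domain: str) -> str:
    """Reverse: the Unicode form a browser would display for an xn-- domain."""
    return domain.encode("ascii").decode("idna")


def scripts_in(domain: str) -> set:
    """Set of Unicode scripts used in the domain's letters (by character name)."""
    found = set()
    for ch in domain:
        if ch in ".-0123456789":
            continue
        # Character names start with the script, e.g. "LATIN SMALL LETTER L".
        found.add(unicodedata.name(ch).split(" ")[0])
    return found


def skeleton(domain: str) -> str:
    """Fold known confusables onto their Latin look-alikes for comparison."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in domain.lower())


def is_homoglyph_of(candidate: str, brand: str) -> bool:
    """True when candidate is not the brand but renders like it."""
    return candidate != brand and skeleton(candidate) == skeleton(brand)


def analyse(domain: str, brand: str) -> dict:
    """Accept either form of a domain and report what a monitor would log."""
    labels = domain.split(".")
    unicode_form = from_punycode(domain) if any(
        l.startswith("xn--") for l in labels) else domain
    return {
        "unicode": unicode_form,
        "punycode": to_punycode(unicode_form),
        "scripts": sorted(scripts_in(unicode_form)),
        "mixed_script": len(scripts_in(unicode_form)) > 1,
        "homoglyph_of_brand": is_homoglyph_of(unicode_form, brand),
    }


if __name__ == "__main__":
    for d in (BRAND, LOOKALIKE, "xn--ldger-zwe.com"):
        print(d, "->", analyse(d, BRAND))
```

Two independent signals fire on the post's sample: the skeleton of the candidate equals the brand while the raw string does not, and a single label draws letters from two scripts. Either alone is a reason for a registration-monitoring feed to raise an alert; together they are a strong indicator of a deliberate lookalike.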