A Brazilian security researcher has warned others of the latest counterfeit Ledger device scam aimed at stealing users’ crypto.
Posting as “Past_Computer2901” on the “ledgerwallet” Reddit channel on Thursday, the security researcher said they purchased what they thought was a legitimate Ledger device for personal use, but soon realized after it arrived that it was a sophisticated counterfeit aimed at stealing user funds.
“This isn’t meant to cause panic, but rather to serve as a serious warning — I’m honestly still a bit shaken by the sheer scale of this operation,” they said.
Scammers are adopting increasingly sophisticated strategies to target users opting for self-custody, from supply chain attacks to social engineering and approval scams.
Earlier this month, more than 50 victims were tricked into revealing their seed phrases on a fake Ledger Live app that made its way to the Apple App Store via a bait-and-switch strategy. The victims lost a combined $9.5 million before Apple took down the malicious app.
How the counterfeit Ledger device scam works
The researcher said he bought the Ledger Nano S Plus from a Chinese marketplace, which was priced the same as the official Ledger store. The packaging and the listing also appeared legitimate at first.
However, when they connected the device to the genuine Ledger Live app — which was luckily already installed on their computer — it failed Ledger’s built-in “Genuine Check.”
This prompted them to pull apart the device, discovering modified hardware and firmware designed to capture and expose sensitive wallet data.
The security researcher said the scammers target first-time Ledger users, as the QR code that comes in the box would normally direct users to download a malicious version of the Ledger Live app that would show a fake “Genuine Check.”
Users continuing to follow the prompts will eventually allow scammers to obtain a user’s seed phrases and drain funds at any time.
“Stay safe out there. Only download Ledger Live from ledger.com. Only buy hardware from ledger.com,” the security researcher said.
“If your device fails the Genuine Check — stop using it immediately.”
After pulling apart the device, they discovered clear signs of tampering, including scraped chip markings and a WiFi and Bluetooth antenna embedded inside the unit.
Legitimate Ledger hardware products are designed to keep private keys fully offline.
Related: Musician loses $420K Bitcoin ‘retirement fund’ via fake Ledger app
The security researcher then looked into the firmware, putting the “chip into boot mode,” which initially identified the device as a Nano S Plus 7704 with an attached serial number.
However, once the boot sequence completed, another manufacturer’s name showed up: Espressif Systems, a publicly listed Chinese semiconductor company based in Shanghai.
Cointelegraph reached out to Espressif for comment but didn’t receive an immediate response.
Magazine: What’s a ‘Network State’ and are there real-life examples? Big Questions