A cybersecurity researcher in Brazil says a “Ledger” hardware wallet they bought from a Chinese marketplace turned out to be a custom‑built device designed to steal crypto. The seller advertised the unit as a Ledger Nano S Plus, priced it roughly the same as the official store, and shipped it in packaging that looked legitimate.
The researcher, who posted under the handle “Past_Computer2901” on Reddit’s r/ledgerwallet forum, said nothing seemed wrong at first. But when they connected the device to the genuine Ledger Live app already installed on their computer, it immediately failed Ledger’s built‑in “Genuine Check.”
That warning led them to open the device and inspect the hardware. Inside, they found clear signs of tampering, including scraped chip markings and even a Wi-Fi and Bluetooth antenna hidden in the wallet’s body, something no real Ledger product includes.
How the Fake “Ledger” Tried to Steal Seed Phrases
The researcher says the scam appears designed to catch first‑time hardware wallet users. The box contained a QR code that, in a normal purchase, would send buyers to Ledger’s official software. In this case, it likely pointed to a malicious “Ledger Live” clone that would show a fake Genuine Check result.
If victims follow the instructions, the fraudulent program may ask them to enter their 24-word recovery phrase, claiming that doing so is necessary to validate or restore the wallet. With that phrase, scammers can recreate the wallet on their own device and withdraw all the funds at any time.
The Brazilian researcher took it a step further and put the chip into boot mode to access the firmware. At one point, the device displayed the model number Nano S Plus 7704. But after the boot procedure, it showed another manufacturer: Espressif Systems, a Shanghai-listed chipmaker known for making Wi-Fi-enabled microcontrollers for low-cost Internet of Things devices. That detail strongly suggests the device was built from readily available parts.
Part of a Broader Wave of Scams
This hardware scam surfaces just as Ledger users face other attacks. Earlier this month, a fake Ledger Live app on Apple’s App Store reportedly tricked more than 50 victims into entering seed phrases and stole about $9.5 million in crypto before Apple removed it.
Ledger has also experienced customer data breaches involving third‑party providers, exposing names and contact details, and fueling targeted phishing.