A cybersecurity researcher in Brazil says a “Ledger” hardware wallet they bought from a Chinese marketplace turned out to be a custom‑built device designed to steal crypto. The seller advertised the unit as a Ledger Nano S Plus, priced it roughly the same as the official store, and shipped it in packaging that looked legitimate.
The researcher, who posted under the handle “Past_Computer2901” on Reddit’s r/ledgerwallet forum, said nothing seemed wrong at first. But when they connected the device to the genuine Ledger Live app already installed on their computer, it immediately failed Ledger’s built‑in “Genuine Check.”
That warning led them to open the device and inspect the hardware. Inside, they found clear signs of tampering, including scraped chip markings and even a WiFi and Bluetooth antenna hidden in the body of the wallet, something no real Ledger product includes.
How the Fake “Ledger” Tried to Steal Seed Phrases
The researcher says the scam appears designed to catch first‑time hardware wallet users. The box contained a QR code that, in a normal purchase, would send buyers to Ledger’s official software. In this case, it likely pointed to a malicious “Ledger Live” clone that would show a fake Genuine Check result.
If victims follow the instructions, the fraudulent program may ask them to enter their 24-word recovery phrase, claiming that doing so is necessary to validate or restore the wallet. Once someone types the phrase, scammers can recreate the wallet on their own device and withdraw all funds at any time.
The Brazilian researcher took it a step further and put the chip in boot mode to get to the firmware. At one point, the device identified itself as a Nano S Plus 7704. But after the boot procedure, it reported a different manufacturer: Espressif Systems, a Shanghai-listed chipmaker known for making WiFi-enabled microcontrollers for low-cost Internet of Things devices. That detail strongly suggests the device was built from off-the-shelf parts.
Part of a Broader Wave of Scams
This hardware scam surfaces just as Ledger users face other attacks. Earlier this month, a fake Ledger Live app on Apple’s App Store tricked more than 50 victims into entering seed phrases and stole about $9.5 million in crypto before Apple pulled it down.
Ledger has also dealt with customer data breaches at third‑party providers, which exposed names and contact details and fueled targeted phishing.