Fake Ledger Scam Exposed: How Counterfeit Devices Are Draining Crypto Wallets

17/4/2026

TLDR

  • Counterfeit Ledger devices mimic real products but fail genuine checks and contain tampered internal components.
  • Modified chips and added wireless hardware enable hidden data transmission from compromised devices.
  • Fake Ledger Live apps trick users into entering seed phrases, giving attackers full wallet access.
  • New users remain key targets as scammers exploit setup processes and limited security awareness.

A cybersecurity researcher has raised alarm over counterfeit Ledger hardware wallets sold through Chinese marketplaces. The devices are designed to steal cryptocurrency by tricking users into revealing sensitive recovery phrases through manipulated hardware and software systems.

Fake Ledger Devices Use Advanced Hardware Tampering

A recent alert shared by Cointelegraph described a growing scam involving counterfeit Ledger devices. The report cites a cybersecurity researcher who discovered the issue after purchasing a device that appeared authentic.

The packaging and listing closely matched official products, which made detection difficult at first glance. 

However, problems emerged when the device failed the built-in “Genuine Check” within the official Ledger Live application.

Following this failure, the researcher dismantled the device to examine its internal components. 

The inspection revealed clear signs of tampering, including altered chips and additional hardware elements not found in genuine units.

Some components carried Espressif Systems branding rather than the parts used in genuine Ledger devices.

The device also included embedded WiFi and Bluetooth antennas, which are not present in legitimate hardware wallets.

These additions suggest the device was engineered to transmit sensitive data externally. Ledger devices are designed to keep private keys offline, making such modifications a direct security risk.

Malicious Software Targets Seed Phrases

The scam extends beyond hardware manipulation and includes deceptive software tactics. According to the report, the counterfeit package often includes a QR code directing users to a malicious version of Ledger Live.

This fake application mimics the official interface and presents a falsified “Genuine Check” result. As a result, users may believe the device is safe to use.

Once installed, the application prompts users to enter their 24-word recovery phrase. This step is presented as part of the setup process, which can mislead first-time users.

The entered seed phrase is then transmitted to attackers, giving them full access to the wallet. Funds can be drained at any time without further user interaction.

The researcher, posting under the alias “Past_Computer2901” on Reddit, described the operation as highly organized. 

The post warned that new users are the primary targets due to their limited experience with hardware wallet verification.

The report also referenced a separate incident involving a fake Ledger Live app on the Apple App Store. In that case, over 50 users lost a combined $9.5 million before the application was removed.

Security guidance within the report advises users to purchase devices only from official sources such as Ledger or authorized resellers. It also stresses avoiding any device that comes with a pre-written recovery phrase.

Users are advised never to input seed phrases into any digital interface. The recovery phrase should only be written down and stored securely offline.

If a device fails the official Ledger Live verification process, it should not be used under any circumstances. Users should stop using it immediately to prevent potential loss of funds.