A cybersecurity researcher has uncovered a significant threat to cryptocurrency self-custody: sophisticated counterfeit Ledger hardware wallets being sold on Chinese marketplaces. The researcher, posting anonymously on Reddit, detailed their experience purchasing a fake Ledger Nano S Plus that appeared legitimate but failed the device's built-in "Genuine Check" when connected to the official Ledger Live app.

Upon disassembling the device, the researcher found modified hardware and firmware specifically engineered to capture sensitive wallet data, including seed phrases. Scammers reportedly target new Ledger users by including QR codes in the packaging that direct them to download a malicious version of the Ledger Live app. This fake app guides users through a fraudulent "Genuine Check," ultimately compromising their funds.

Legitimate Ledger devices are designed to keep private keys completely offline. However, the counterfeit units revealed signs of tampering, including embedded WiFi and Bluetooth antennas. Further analysis of the firmware indicated the use of components from Espressif Systems, a Chinese semiconductor company. This discovery follows a previous incident where a fake Ledger Live app on the Apple App Store defrauded over 50 victims of approximately $9.5 million.