Brazilian Researcher Exposes Counterfeit Ledger Nano S Devices Targeting Crypto Users

Counterfeit Ledger Devices Uncovered

A Brazilian security expert has recently unveiled a sophisticated scheme involving counterfeit Ledger devices designed to manipulate unsuspecting cryptocurrency users into losing their digital assets. Operating under the pseudonym “Past_Computer2901”, the researcher shared this alarming discovery on Reddit after acquiring what seemed to be an authentic Ledger Nano S Plus from a popular Chinese online marketplace.

Discovery of Tampered Devices

At first glance, the packaging and price conformed to the official specifications of Ledger’s products. However, when the device was connected to the genuine Ledger Live desktop application, it failed a crucial “Genuine Check”, signaling potential foul play. This prompted a detailed physical inspection, which revealed that the device’s internal components had been tampered with and included unauthorized WiFi and Bluetooth antennas that do not exist in legitimate models.

Scammers’ Tactics

Scammers are reportedly using these altered devices to dupe novice buyers. The counterfeit device package includes a QR code leading to a fraudulent version of the Ledger Live application. This counterfeit app sidesteps security prompts, falsely assuring users about the device’s authenticity. When users are misled into generating or entering their seed phrases, the compromised firmware captures this sensitive information, enabling fraudsters to access and drain their wallets at will.

“I’m not trying to incite fear but rather to issue a stern warning. The scale of this operation is truly unsettling,” the researcher admitted in their post.

Concealment Efforts by Fraudsters

Investigations into the device also revealed efforts by the fraudsters to conceal their activities, including scraping off the original identification markings from chips. Initially, the device presented itself as a Nano S Plus model 7704, but the inspection revealed it was manufactured by Espressif Systems, a semiconductor company based in Shanghai. Such modifications violate the core security principles that Ledger builds into its products, which are designed to keep cryptocurrency private keys strictly offline, away from potential online threats.

Recent Alarming Events

This incident comes on the heels of another alarming event where a malicious app managed to bypass Apple’s App Store security, tricking over 50 users into exposing their recovery phrases, leading to a staggering theft of $9.5 million before the app was removed from the store.

Advice for Users

In light of these events, the researcher strongly advises users to protect themselves by downloading the official Ledger Live application only from ledger.com and purchasing hardware solely from the same official site. They emphasize that a device that fails the Genuine Check should be taken out of use immediately.

Previously reported incidents demonstrate that scammers are increasingly targeting Ledger users with fraudulent applications posing as official services.