A Brazilian security researcher posting as “Past_Computer2901” on the r/ledgerwallet subreddit warned of a sophisticated counterfeit Ledger device sold on a Chinese marketplace that aims to steal users’ crypto.
The researcher bought what appeared to be a legitimate Ledger Nano S Plus, priced and packaged like the official product. When connected to a genuine Ledger Live installation, the device failed Ledger’s built-in “Genuine Check.” After disassembling the unit, the researcher found modified hardware and firmware: the chip markings had been scraped off and a Wi‑Fi/Bluetooth antenna had been embedded, modifications intended to capture and leak sensitive wallet data. Legitimate Ledger devices are designed to keep private keys fully offline.
The scammers appear to target first‑time Ledger users. QR codes included in the counterfeit packaging can direct buyers to a malicious copy of Ledger Live that displays a fake “Genuine Check.” Following that fake app’s prompts can lead users to reveal their seed phrases, allowing attackers to drain funds. Earlier this month a fake Ledger Live app reached the Apple App Store via a bait‑and‑switch, tricking over 50 victims and resulting in a reported combined loss of about $9.5 million before Apple removed the malicious app.
The researcher examined the device firmware by placing the chip into boot mode. The device initially identified itself as a Nano S Plus 7704 with an attached serial number, but the boot sequence later revealed another manufacturer’s name: Espressif Systems, a Shanghai‑based semiconductor company. Cointelegraph reached out to Espressif for comment and did not receive an immediate response.
The researcher emphasized caution: only download Ledger Live from ledger.com and only buy hardware from ledger.com. If your device fails the Genuine Check, stop using it immediately.