A Brazilian researcher using the handle “Past_Computer2901” posted on r/ledgerwallet after uncovering a sophisticated counterfeit Ledger Nano S Plus being offered on a Chinese marketplace. The unit the researcher bought looked authentic — correct packaging and price — but behaved differently when put to the test.
When the device was connected to an official Ledger Live installation, it failed Ledger’s built-in “Genuine Check.” On opening the casing, the researcher discovered altered hardware and firmware designed to harvest wallet data. Modifications included scraped markings on chips and an integrated Wi‑Fi/Bluetooth antenna, additions that have no place in genuine Ledger models, which are engineered to keep private keys isolated and offline.
The counterfeit kit appears aimed at newcomers. Packaging included QR codes that can lead buyers to a malicious copy of Ledger Live that mimics the real app and even displays a spoofed “Genuine Check.” Following the fake app’s prompts can coax users into revealing their seed phrases, giving attackers full access to funds. Earlier this month, a similarly deceptive Ledger Live clone made it into the Apple App Store through a bait‑and‑switch strategy, reportedly victimizing more than 50 people and enabling combined losses of around $9.5 million before Apple removed the app.
To investigate the firmware, the researcher put the device’s chip into boot mode. The unit initially identified itself as a Nano S Plus 7704 with a serial number, but the boot sequence later exposed a different vendor name: Espressif Systems, a Shanghai‑based semiconductor firm. Cointelegraph contacted Espressif for comment but did not receive an immediate reply.
The researcher’s findings are a reminder that physical appearance and packaging aren’t reliable indicators of authenticity. Recommended precautions: download Ledger Live only from ledger.com, buy hardware only from ledger.com or an authorized reseller, and never enter or disclose your seed phrase to apps or websites. If your hardware wallet fails the Genuine Check, stop using it immediately and contact Ledger support for guidance.