Brazilian Researcher Exposes Sophisticated Counterfeit Ledger Device Scam
A Brazilian security researcher has laid bare a devious counterfeit Ledger hardware wallet operation that's been systematically pillaging users' cryptocurrency. Operating under the Reddit pseudonym "Past_Computer2901" in the "ledgerwallet" channel, the researcher purchased what appeared to be a legitimate Ledger Nano S Plus from a Chinese marketplace—priced exactly the same as the official Ledger store, because apparently scammers have figured out that suspiciously cheap prices are a bit too obvious. Upon connecting the device to their pre-installed genuine Ledger Live app, the unit bombed Ledger's built-in "Genuine Check," which tends to happen when you're holding a lemon instead of a lemon-zested hardware wallet. "This isn't meant to cause panic, but rather to serve as a serious warning — I'm honestly still a bit shaken by the sheer scale of this operation," they admitted.
The scam's favorite victims? First-time Ledger users, because nothing says "easy target" like someone who's never set up a hardware wallet before. The counterfeit device's QR code funnels users toward downloading a malicious version of Ledger Live, complete with a fake "Genuine Check" approval that passes with flying colors—because apparently scammers are also excellent at building things that look legitimate. Users who march through the setup prompts end up exposing their seed phrases to the people behind this operation, handing over the digital keys to their crypto kingdoms. The security researcher pointed out that this scheme represents just one weapon in an increasingly sophisticated arsenal — from supply chain attacks to social engineering and approval scams — that bad actors deploy against self-custody enthusiasts who thought they were being careful.
This revelation drops just weeks after more than 50 victims watched $9.5 million disappear via a separate Ledger-related scam. In that fiasco, a fake Ledger Live app snuck into the Apple App Store through a classic bait-and-switch before getting booted (though not before causing some serious damage). A musician also recently came forward about losing $420,000 in Bitcoin—described as their "retirement fund"—through a fraudulent Ledger app. Because apparently, the crypto version of "I've fallen and I can't get up" is "I've installed and I can't get my money back."
Cracking open the device, the researcher discovered some rather obvious signs of foul play: scraped chip markings and a WiFi and Bluetooth antenna buried inside the unit. Legitimate Ledger hardware products are built to keep private keys permanently offline, which makes the presence of wireless connectivity components about as subtle as a neon sign screaming "I am not what I claim to be." Digging deeper into the firmware, they found that while the device initially introduced itself as a Nano S Plus 7704 with an attached serial number during boot mode, the completed boot sequence revealed a different manufacturer entirely: Espressif Systems, a publicly listed Chinese semiconductor company based in Shanghai. Cointelegraph reached out to Espressif for comment but, predictably, received no immediate response.
The researcher handed down some plain-spoken advice for the crypto community: download Ledger Live exclusively from ledger.com and buy hardware wallets only from the official Ledger website—because apparently "close enough" doesn't cut it when your life savings are involved. "If your device fails the Genuine Check — stop using it immediately," they warned, urging users to stay sharp against increasingly elaborate schemes targeting self-custody solutions. In crypto, as in life, if something seems too good to be true—or in this case, too legitimate to actually be legitimate—your gut is probably right.