Brazilian Researcher Exposes Counterfeit Ledger Scam
A Brazilian cybersecurity researcher has uncovered a dangerous counterfeit hardware wallet scheme involving a modified Ledger Nano S Plus designed to steal cryptocurrency from unsuspecting buyers. The discovery, shared by the researcher known online as “Past_Computer2901,” highlights a growing threat in the crypto hardware wallet market, where attackers are targeting users searching for cheap or unofficial devices.
The researcher said he bought what looked like a regular Ledger Nano S Plus from a Chinese online marketplace. At first glance, the packaging and pricing seemed believable, but when the device was connected to the official Ledger Live desktop app, it immediately failed the Genuine Check. That warning sign led to a deeper inspection.
Fake Hardware Hidden Inside the Wallet
After opening the device, the researcher found that the internal hardware had been heavily altered. The counterfeit unit included WiFi and Bluetooth antennas, components that do not exist in the legitimate Ledger Nano S Plus. This kind of modification is especially alarming because Ledger hardware wallets are designed to keep private keys offline and protected from remote attacks.
According to the analysis, the scammers went to significant lengths to conceal the fraud. Original chip markings had been scraped off, and the boot sequence initially made the device appear to be a Nano S Plus 7704. However, the final hardware identification revealed Espressif Systems, a Shanghai-based semiconductor company, exposing the fake nature of the wallet.

Malicious QR Code Leads Users to Fake App
What makes this scheme even more dangerous is the setup process. The packaging reportedly includes a QR code that directs buyers to a fraudulent version of Ledger Live. This counterfeit app is designed to bypass security warnings and falsely confirm that the device is genuine.
Once a victim follows the prompts to create or enter a seed phrase, the compromised firmware captures that sensitive recovery data. With the seed phrase in hand, the attackers can gain full control of the wallet and drain crypto assets such as Bitcoin, Ethereum, and other digital currencies.
“This isn’t meant to cause panic, but rather to serve as a serious warning,” the researcher wrote. “I’m honestly still a bit shaken by the sheer scale of this operation.”
Why Hardware Wallet Security Matters
This case is a strong reminder that crypto wallet security depends not only on software but also on the authenticity of the device itself. Hardware wallets are widely used for cold storage because they protect private keys from malware, phishing attacks, and online exposure. But those protections disappear if the device has been tampered with before it reaches the user.
The discovery also follows another recent crypto security incident involving a fake app that slipped past Apple App Store protections through a bait-and-switch tactic. That malicious software reportedly tricked more than 50 users into revealing recovery phrases and led to $9.5 million in losses before being removed.
How Crypto Users Can Stay Safe
Crypto investors should take extra care when buying hardware wallets. The safest option is to purchase directly from the official Ledger website and download Ledger Live only from ledger.com. If a device fails the Genuine Check, stop using it immediately and do not use it under any circumstances.
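The "download only from ledger.com" advice can be applied mechanically to a link decoded from a QR code before anything is installed. The Python sketch below is an added example, not code from the researcher or from Ledger; it assumes subdomains of ledger.com are acceptable, and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: ledger.com (and its subdomains) is the only trusted download origin,
# following the article's advice.
TRUSTED_DOMAIN = "ledger.com"


def check_download_url(url: str) -> tuple[bool, str]:
    """Return (trusted, reason) for a URL decoded from a QR code or link."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
        port = parts.port  # raises ValueError on a malformed port
    except ValueError as exc:
        return False, f"unparseable URL: {exc}"
    if parts.scheme != "https":
        return False, "not HTTPS"
    if parts.username is not None or parts.password is not None:
        # "https://ledger.com@other.example/" really points at other.example
        return False, "credentials in URL hide the real host"
    if port not in (None, 443):
        return False, "non-standard port"
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return False, "internationalized host, possible look-alike"
    # Exact match or a true subdomain; "notledger.com" and
    # "ledger.com.other.example" both fail this test.
    if host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN):
        return True, "host is ledger.com or a subdomain of it"
    return False, f"host {host!r} is not ledger.com"


# Constructed sample links, as they might come out of a QR decoder.
SAMPLES = [
    "https://www.ledger.com/ledger-live",
    "https://ledger.com.setup-wallet.example/live",
    "https://ledger.com@setup-wallet.example/live",
    "http://ledger.com/ledger-live",
    "https://l\u0435dger.com/",  # Cyrillic "e" in place of the Latin letter
    "https://notledger.com/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        trusted, reason = check_download_url(sample)
        print(f"{'OK  ' if trusted else 'STOP'} {sample!r}: {reason}")
```

A passing URL only confirms where the app comes from; the device still has to pass the Genuine Check in the official Ledger Live app.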
As hardware wallet scams become more advanced, users must remain alert to counterfeit crypto products, fake setup apps, phishing QR codes, and compromised seed phrase prompts. In the blockchain and cryptocurrency space, security begins with verifying every step before storing digital assets.
Comments
labcore
If this is real, how didn't Ledger catch it earlier? Sounds elaborate, but who verifies marketplace sellers? QR trick is nasty tho.
cryptova
This is terrifying wow. Bought cheap and lost everything? Legit gonna only buy from official sites now no more shortcuts. Scary stuff.