A cybersecurity researcher has uncovered a sophisticated counterfeit Ledger hardware wallet being sold on a Chinese online marketplace, raising serious alarms about supply chain security for self-custody solutions. The researcher, posting under the username "Past_Computer2901" on the "ledgerwallet" Reddit channel, detailed their experience purchasing what they believed was a legitimate Ledger Nano S Plus for personal use.
The device was priced identically to the official Ledger store and arrived in packaging that appeared authentic at first glance. However, upon connecting the device to the genuine Ledger Live application, it failed the built-in "Genuine Check" security feature. This prompted the researcher to disassemble the device, revealing modified hardware and firmware specifically designed to capture and expose sensitive wallet data, including seed phrases.
The researcher described the operation's scale as deeply concerning, stating, "This isn't meant to cause panic, but rather to serve as a serious warning — I’m honestly still a bit shaken by the sheer scale of this operation." The scam specifically targets first-time Ledger users. The counterfeit device includes a QR code that directs victims to download a malicious version of the Ledger Live app, which would then display a fake "Genuine Check" pass, ultimately allowing scammers to steal funds.
Further investigation into the firmware showed that the device identified itself as a "Nano S Plus 7704" while in boot mode, but once fully booted it exposed components linked to Espressif Systems, a publicly listed Chinese semiconductor company based in Shanghai. Cointelegraph reached out to Espressif for comment but did not receive an immediate response.
This incident follows a related scam earlier in April, where over 50 victims lost a combined $9.5 million after being tricked by a fake Ledger Live app that made its way onto the Apple App Store. The researcher's final warning was clear: "Stay safe out there. Only download Ledger Live from ledger.com. Only buy hardware from ledger.com. If your device fails the Genuine Check — stop using it immediately."