Peter Zhang
Apr 17, 2026 06:55
Security researcher exposes counterfeit Ledger devices with embedded wireless antennas designed to steal crypto. Comes days after $9.5M fake app losses.
Counterfeit Ledger hardware wallets rigged with hidden WiFi and Bluetooth antennas are being sold on Chinese marketplaces at official retail prices, according to a Brazilian security researcher who bought one for personal use and nearly fell victim to the scheme.
The discovery, posted to Reddit on April 16 under the handle “Past_Computer2901,” reveals a supply chain attack targeting first-time hardware wallet buyers. The fake device passed visual inspection but failed Ledger’s built-in authenticity verification when connected to the genuine Ledger Live app.
“This isn't meant to cause panic, but rather to serve as a serious warning — I'm honestly still a bit shaken by the sheer scale of this operation,” the researcher wrote.
Inside the Counterfeit Device
After the device failed Ledger’s Genuine Check, the researcher disassembled it. What they found was alarming: scraped chip markings and wireless communication hardware embedded inside a unit that should operate only offline.
Legitimate Ledger products keep private keys air-gapped from internet-connected systems. The addition of WiFi and Bluetooth capabilities suggests the counterfeit device could transmit stolen seed phrases to attackers remotely.
Digging into the firmware revealed more red flags. While the device initially identified itself as a Nano S Plus 7704 with a valid-looking serial number, the boot sequence exposed the actual manufacturer: Espressif Systems, a Shanghai-based semiconductor company with no connection to Ledger’s supply chain.
Cointelegraph reached out to Espressif for comment but received no immediate response.
The Attack Vector
The scam specifically targets buyers unfamiliar with Ledger’s ecosystem. A QR code included in the packaging directs users to download a malicious version of Ledger Live rather than the official app from ledger.com.
This fake app displays a spoofed “Genuine Check” that appears to validate the counterfeit hardware. Users who proceed through the setup process eventually enter their seed phrases, giving attackers full access to drain funds at any time.
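A defender-side check for the QR step described above, as an added example that is not code from the article, the researcher or Ledger: it accepts a URL decoded from a packaging QR code only if it is HTTPS and its host sits under ledger.com, and rejects common lookalike tricks. The function name `check_download_url`, the allowlist and the sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: ledger.com, the only official source the article names.
OFFICIAL_DOMAINS = {"ledger.com"}

def check_download_url(url):
    """Return (ok, reason) for a URL decoded from a packaging QR code."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not https"
    if parts.username is not None or parts.password is not None:
        return False, "userinfo before @ hides the real host"
    if port not in (None, 443):
        return False, "non-standard port"
    if not host:
        return False, "no host"
    # Reject IDN hosts outright: lookalike letters are hard to spot by eye.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return False, "internationalized host"
    for dom in OFFICIAL_DOMAINS:
        # Match on a label boundary so "evilledger.com" does not pass.
        if host == dom or host.endswith("." + dom):
            return True, "host is under " + dom
    return False, "host is not an official domain"

# Constructed sample URLs, not taken from the incident.
SAMPLES = [
    "https://www.ledger.com/ledger-live",
    "https://ledger.com.download-app.example/live",
    "https://ledger.com@download-app.example/live",
    "https://evilledger.com/",
    "http://ledger.com/",
    "https://xn--ledger-abc.com/",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(check_download_url(u), u)
```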
Part of a Broader Wave
The counterfeit hardware discovery comes just days after a separate Ledger-related attack made headlines. On April 14, blockchain investigator ZachXBT reported that a fake Ledger Live app distributed through Apple’s App Store had stolen $9.5 million from more than 50 victims before Apple removed it.
That attack used a bait-and-switch technique to bypass App Store review, initially appearing as a legitimate productivity app before updating to mimic Ledger’s official software.
Together, these incidents highlight how scammers are investing significant resources to compromise users who choose self-custody over centralized exchanges. The counterfeit hardware operation required manufacturing custom PCBs, embedding wireless components, developing modified firmware, and creating convincing packaging: a substantial operation suggesting organized criminal involvement.
Protecting Yourself
The researcher’s advice is simple: purchase hardware wallets only from official manufacturer websites, download companion apps only from verified sources, and treat any device that fails authenticity checks as compromised.
“If your device fails the Genuine Check — stop using it immediately,” they warned.
For the Ledger Nano S Plus, which retails between $59 and $85, the pricing on the Chinese marketplace matched official rates, meaning buyers had no discount-based warning signs to tip them off before purchase.

