Ledger customers have reported receiving fake replacement devices in the mail, designed to phish private security information

Nearly a year after a database containing the information of more than 270,000 Ledger users was stolen and made public on RaidForums, the consequences have not stopped. Recently, a Reddit user shared in the r/Ledgerwallet community that he was among those severely affected by the breach, posting an image of what appeared to be a fake Ledger Nano X wallet that he had received.

Enclosed in seemingly trustworthy packaging, the device has a number of noticeable markings that raise suspicions among users. Most astonishing was that the package came with a sketchy letter, signed by Ledger chief executive Pascal Gauthier.

The poorly written letter claims:

“For security purposes, we have sent you a new device you must switch to a new device to stay safe. There is a manual inside your new box you can read that to learn how to set up your new device. For this reason, we have changed our device structure. We now guarantee that this kinda breach will never happen again.”

Box containing allegedly fraudulent Ledger device | Source: Reddit

Based on the device’s circuit board, security researcher Mike Grover thinks it’s a rogue device:

“This seems to be a simple flash drive strapped on to the Ledger with the purpose to be for some sort of malware delivery. All of the components are on the other side, so I can’t confirm if it is JUST a storage device, but judging by the very novice soldering work, it’s probably just an off-the-shelf mini flash drive removed from its casing.”

Grover highlighted a section of the back of the device, showing the flash drive implant and noting that its 4 wires piggyback on the same connections as the Ledger's USB port.

Back of fake Ledger device | Source: Reddit, with highlight added by Mike Grover

Based on analysis by Grover and BleepingComputer, it appears that the device was designed to transfer the user's recovery phrases to another device controlled by the fraudsters. The phrases can then be used to steal users' funds.

In an online post on May 10, Ledger warned customers about fake mail and devices:

“The fake user guide in the Nano’s box asks the user to connect the device to a computer. To initialize the device, the user is then asked to enter his 24 words in a fake Ledger Live application. This is a scam. Do not connect the device to your computer and never share your 24 words. The Ledger will never ask you to share your 24-word recovery phrase.”

Despite the warning, it remains unclear whether the company will be in direct contact with users, especially those affected by the leak. Ledger has yet to respond to this story.
