Scammers mail out fake hardware wallets to victims of Ledger data breach

Published at: June 17, 2021

The consequences of Ledger’s major data breach continue to be felt almost a year later. One contributor to the r/Ledgerwallet forum on Reddit, writing under the tag u/jjrand and self-identified as one of those affected by the breach, has posted images of what appears to be a fake Ledger Nano X wallet received in the mail.

Wrapped in seemingly authentic packaging, the device nonetheless included several tell-tale signs that sparked the contributor’s suspicion. Most jarringly, the package came together with a poorly written letter claiming to be signed by Ledger CEO Pascal Gauthier, telling its recipient:

“For security purposes we have sent you a new device you must switch to a new device to stay safe. There is a manual inside your new box you can read that to learn how to set up your new device. For this reason, we have changed our device structure. We now guarantee that this kinda breach will never happen again.”

Aside from the letter, u/jjrand also received a fake manual with instructions on how to use the device that, crucially, asks the user to enter their private Ledger recovery phrase to connect their cryptocurrency wallet to the new hardware. Based on further images of the device’s circuit board uploaded to Reddit, security researcher Mike Grover told BleepingComputer that the fake device had been tampered with:

“This seems to be a simply flash drive strapped on to the Ledger with the purpose to be for some sort of malware delivery. All of the components are on the other side, so I can’t confirm if it is JUST a storage device, but [...] judging by the very novice soldering work, it’s probably just an off the shelf mini flash drive removed from its casing.”

Grover highlighted a section of the back of the device, showing the flash drive implant and noting that “those 4 wires piggyback the same connections for the USB port of the Ledger.” 

On the basis of Grover and BleepingComputer's analysis, the scam appears designed to capture the recovery phrase the user enters and reroute it to a device controlled by the scammers, who can then use it to steal the associated cryptocurrency holdings.

In an online post dated May 10 but not cited by u/jjrand, Ledger had already warned customers against the fake letter and device, stating that:

“The fake user guide in the Nano’s box asks the user to connect the device to a computer. To initialize the device, the user is then asked to enter his 24 words in a fake Ledger Live application. This is a scam. Do not connect the device to your computer and never share your 24 words. Ledger will never ask you to share your 24-word recovery phrase.”

The warning is thus included as part of Ledger’s online list of phishing campaigns of which the company is aware. Ledger told Cointelegraph that it is trying to alert its customers – especially those whose leaked details may leave them more susceptible to falling for similar ruses – about the risks they continue to face. In an email, a company representative said that:

"We communicated several times to our customer base to explain to them what happened with the data leak in 2020 and how they could protect themselves via email, social media communications and we regularly participate to AMAs, podcasts and conferences to give all the tools to avoid being trapped in scams and phishing attempts."

As previously reported, other consequences of the data leak have included Ledger users receiving emails from extortionists threatening physical violence or other criminal attacks. The original data breach had occurred in June and July 2020 and included 1,075,382 email addresses from users subscribed to the Ledger newsletter. It notably also involved the leak of personal information (including home addresses) associated with 272,853 hardware wallet orders. 
