London Daily

Focus on the big picture.
Wednesday, Sep 03, 2025

Ledger Hack Victims Are Receiving fake Crypto Hardware Wallets

Ledger Hack Victims Are Receiving fake Crypto Hardware Wallets

A new hack is claiming victims following the the Ledger data breach of July 2020. The new scam involves sending convincing but fake hardware wallets to victims.

Bitcoin Magazine’s pseudonymous author ‘Namcios’ covered the recent scam, detailing how it was done step by step and the victims lured in. Here’s the story:

Victims of a hack of customer data held by bitcoin hardware wallet provider Ledger, which happened almost a year ago, are still apparently being targeted by scammers. Over 1 million victims of the hack had their details exposed, including their names, phone numbers and email addresses. And more than 200,000 people also had their home addresses breached.

Now, some of the victims appear to be receiving counterfeit hardware wallets through the mail. And a recent Reddit post indicates that the new scam attempt is quite sophisticated.

Reddit user u/jjrand, who self-identified as one of the victims of last year’s Ledger data breach, shared that they received a package that appeared to be from Ledger in the mail, even though they hadn’t ordered one. Although the device was wrapped in seemingly authentic packaging, the user could spot some telltale signs that hinted that it was a fake. The package also included a letter, supposedly from Ledger CEO Pascal Gauthier, though it was poorly written and filled with grammatical and spelling errors.

“As you know, Ledger was targeted by a cyberattack that led to a data breach in July 2020,” read the fake letter. “For this reason for security purposes, we have sent you a new device you must switch to a new device to stay safe. There is a manual inside your new box you can read that to learn how to set up your new device. For this reason, we have changed our device structure. We now guarantee that this kinda breach will never happen again.”

Also in the package was a Ledger Nano X box that seemingly contained a legitimate device. However, the Reddit user became suspicious and opened it, sharing pictures demonstrating that the machine was likely tampered with.

Security researcher Mike Grover analyzed the photos and explained to BleepingComputer how the attackers probably carried out their actions.

“This seems to be a simple flash drive strapped on to the Ledger with the purpose to be for some sort of malware delivery,” Grover told BleepingComputer in a chat about the photos. “All of the components are on the other side, so I can’t confirm if it is JUST a storage device, but…. judging by the very novice soldering work, it’s probably just an off-the-shelf mini flash drive removed from its casing.”

Grove also explained that “those four wires piggyback the same connections for the USB port of the Ledger.”

Previously, the attackers had sent out phishing emails to victims, prompting them to type in their recovery seeds — the 12 or 24 words used to derive one’s private keys, giving anyone who possesses it complete control of the victim’s funds. By tampering with the device, the attackers likely hoped to get their target to type their recovery words into the fake application, which would allow the bad actors to take control of the victim’s funds.

Therefore, this attack is severe since it could cause a victim to lose all of their funds. Ledger is already aware of this scam and warned users in a post in May.

“The fake user guide in the Nano’s box asks the user to connect the device to a computer,” the post stated. “To initialize the device, the user is then asked to enter his 24 words in a fake Ledger Live application. This is a scam. Do not connect the device to your computer and never share your 24 words. Ledger will never ask you to share your 24-word recovery phrase.”

It is unclear if Ledger has done any active work to educate its customers who saw their data exposed last year with dedicated emails or warnings, apart from the passive blog posts.

Needless to say, under no circumstance should you type your bitcoin wallet seed phrase on any keyboard, take photos of it or have any internet-connected device know about it. The only safe place to store, write and recover a seed phrase is the hardware wallet itself.

MORE ON BITCOIN SEED PHRASES AND PRIVATE KEYS

A seed phrase is a collection of 12 or 24 human-readable words used to generate bitcoin private keys for a wallet. The seed phrase, also known as the recovery phrase or backup phrase, contains all of the information needed to access, spend and recover bitcoin funds. For this reason, the seed phrase has to be kept safe; otherwise, anyone who discovers it can steal the bitcoin.

The private key, which is generated by the seed phrase, is not human readable. It is a secret 256-bit number, usually in hexadecimal format — 64 characters or 32 bytes in the range of zero to nine or A to F.

Modern wallets leverage both seed phrases and private keys to employ Hierarchical Deterministic (HD) Wallets, using BIP32 seeds. HD Wallets allow the wallet to use a single seed phrase to generate a whole sequence of keys, allowing the entire wallet to be restored from that seed.

Source: Ledger Hack Victims Are Receiving fake Hardware Wallets – Fintechs.fi

Comments

Alex 3 year ago
Nicely well-written article. It was an awesome article to read. Complete rich content and fully informative crypto lebanon
Oh ya 4 year ago
If you are going to have a fake money that is not backed by anything, has no assets, produces nothing and is not even a currency you can hold in your hand then a fake wallet is all you need

Newsletter

Related Articles

0:00
0:00
Close
Google Avoids Break-Up in U.S. Antitrust Case as Stocks Rise
Couple celebrates 80th wedding anniversary at assisted living facility in Lancaster
Information Warfare in the Age of AI: How Language Models Become Targets and Tools
The White House on LinkedIn Has Changed Their Profile Picture to Donald Trump
"Insulted the Prophet Muhammad": Woman Burned Alive by Angry Mob in Niger State, Nigeria
Trump Responds to Death Rumors – Announces 'Missile City'
Court of Appeal Allows Asylum Seekers to Remain at Essex Hotel Amid Local Tax Boycott Threats
Germany in Turmoil: Ukrainian Teenage Girl Pushed to Death by Illegal Iraqi Migrant
United Krack down on human rights: Graham Linehan Arrested at Heathrow Over Three X Posts, Hospitalised, Released on Bail with Posting Ban
Asian and Middle Eastern Investors Avoid US Markets
Ray Dalio Warns of US Shift to Autocracy
Eurozone Inflation Rises to 2.1% in August
Russia and China Sign New Gas Pipeline Deal
China's Robotics Industry Fuels Export Surge
Suntory Chairman Resigns After Police Probe
Gold Price Hits New All-Time Record
Von der Leyen's Plane Hit by Suspected Russian GPS Interference in an Incident Believed to Be Caused by Russia or by Pro-Peace or by Anti-Corruption European Activists
UK Fintechs Explore Buying US Banks
Greece Suspends 5% of Schools as Birth Rate Drops
Apollo to Launch $5 Billion Sports Investment Vehicle
Bolsonaro Trial Nears Close Amid US-Brazil Tension
European Banks Push for Lower Cross-Border Barriers
Poland's Offshore Wind Sector Attracts Investors
Nvidia Reveals: Two Mystery Customers Account for About 40% of Revenue
Woody Allen: "I Would Be Happy to Direct Trump Again in a Film"
Pickles are the latest craze among Generation Z in the United States.
Deadline Day Delivers Record £125m Isak Move and Donnarumma to City
Nestlé Removes CEO Laurent Freixe Following Undisclosed Relationship with Subordinate
Giuliani Seriously Injured in Accident – Trump to Award Him the Presidential Medal of Freedom
EU is getting aggressive: Four AfD Candidates Die Unexpectedly Ahead of North Rhine-Westphalia Local Elections
Lula and Putin Hold Strategic BRICS Discussions Ahead of Trump–Putin Summit
WhatsApp is rolling out a feature that looks a lot like Telegram.
Investigations Reveal Rise in ‘Sex-for-Rent’ Listings Across Canada Exploiting Vulnerable Tenants
Chinese and Indian Leaders Pursue Amity Amid Global Shifts
European Union Plans for Ukraine Deployment
ECB Warns Against Inflation Complacency
Concerns Over North Cyprus Casino Development
Shipping Companies Look Beyond Chinese Finance
Rural Exodus Fueling European Wildfires
China Hosts Major Security Meeting
Chinese Police Successfully Recover Family's Savings from Livestream Purchases
Germany Marks a Decade Since Migrant Wave with Divisions, Success Stories, and Political Shifts
Liverpool Defeat Arsenal 1–0 with Szoboszlai Free-Kick to Stay Top of Premier League
Prince Harry and King Charles to Meet in First Reunion After 20 Months
Chinese Stock Market Rally Fueled by Domestic Investors
Israeli Airstrike in Yemen Kills Houthi Prime Minister
Ukrainian Nationalist Politician Andriy Parubiy Assassinated in Lviv
Corporate America Cuts Middle Management as Bosses Take On Triple the Workload
Parents Sue OpenAI After Teen’s Death, Alleging ChatGPT Encouraged Suicide
Amazon Faces Lawsuit Over 'Buy' Label on Digital Streaming Content
×