Peter Zhang
Apr 17, 2026 06:55
Security researcher exposes counterfeit Ledger devices with embedded wireless antennas designed to steal crypto. Comes days after $9.5M fake app losses.
Counterfeit Ledger hardware wallets rigged with hidden WiFi and Bluetooth antennas are being sold on Chinese marketplaces at official retail prices, according to a Brazilian security researcher who purchased one for personal use and nearly fell victim to the scheme.
The discovery, posted to Reddit on April 16 under the handle “Past_Computer2901,” reveals a supply chain attack targeting first-time hardware wallet buyers. The fake device passed visual inspection but failed Ledger’s built-in authenticity verification when connected to the official Ledger Live app.
“This is not meant to cause panic, but rather to serve as a serious warning — I am honestly still a bit shaken by the sheer scale of this operation,” the researcher wrote.
Inside the Counterfeit Device
After the device failed Ledger’s Genuine Check, the researcher disassembled it. What they found was alarming: scraped chip markings and wireless communication hardware embedded inside a unit that should operate entirely offline.
Legitimate Ledger products keep private keys air-gapped from internet-connected systems. The addition of WiFi and Bluetooth capabilities suggests the counterfeit device could transmit stolen seed phrases to attackers remotely.
Digging into the firmware revealed more red flags. While the device initially identified itself as a Nano S Plus 7704 with a valid-looking serial number, the boot sequence exposed the actual manufacturer: Espressif Systems, a Shanghai-based semiconductor company with no connection to Ledger’s supply chain.
Cointelegraph reached out to Espressif for comment but received no immediate response.
The Attack Vector
The scam specifically targets buyers unfamiliar with Ledger’s ecosystem. A QR code included in the packaging directs users to download a malicious version of Ledger Live rather than the official app from ledger.com.
This fake app displays a spoofed “Genuine Check” that appears to validate the counterfeit hardware. Users who proceed through the setup process eventually enter their seed phrases, giving attackers full access to drain funds at any time.
Part of a Broader Wave
The counterfeit hardware discovery comes just days after a separate Ledger-related attack made headlines. On April 14, blockchain investigator ZachXBT reported that a fake Ledger Live app distributed through Apple’s App Store had stolen $9.5 million from more than 50 victims before Apple removed it.
That attack used a bait-and-switch technique to bypass App Store review, initially appearing as a legitimate productivity app before updating to mimic Ledger’s official software.
Together, these incidents highlight how scammers are investing significant resources to compromise users who choose self-custody over centralized exchanges. The counterfeit hardware operation required manufacturing custom PCBs, embedding wireless components, developing modified firmware, and creating convincing packaging — a substantial operation suggesting organized criminal involvement.
Protecting Yourself
The researcher’s advice is straightforward: purchase hardware wallets only from official manufacturer websites, download companion apps only from verified sources, and treat any device that fails authenticity checks as compromised.
“If your device fails the Genuine Check — stop using it immediately,” they warned.
For the Ledger Nano S Plus, which retails between $59 and $85, the pricing on the Chinese marketplace matched official rates — meaning buyers had no discount-based warning signs to tip them off before purchase.
