Scam alert: Ledger users receive fake hardware wallets

The French startup Ledger, the world’s leading cold crypto wallet producer, has once again been hit by a security breach. This time, the attack takes a physical form, with fake USB drives sent to Ledger customers.

Ledger plagued by new security breach

In December 2020, Ledger customer data was hacked and published for free online. Previously, some of this data had been sold for a tidy sum on the black market.

This data contains the contact details, email addresses, postal addresses and telephone numbers of Ledger users.

This month, the nightmare turned out not to be over for tens of thousands of customers of the French startup.

The theft of data in December allowed scammers to retrieve the postal addresses of customers. Instead of carrying out classic phishing by email, the scammers this time organised a physical phishing campaign using fake Ledger Nano X USB sticks.

These are being sent out in a package that looks like those sent by Ledger. From the outside, it is difficult to detect the scam. However, the package is accompanied by a letter ‘signed’ by Ledger’s CEO, Pascal Gauthier. The terrible writing quality leaves you wondering:

“For security purposes we have sent you a new device you must switch to a new device to stay safe. There is a manual inside your new box you can read that to learn how to set up your new device. For this reason, we have changed our device structure. We now guarantee that this kinda breach will never happen again.”

The box also contains a fake user guide that asks the user to connect the key to a computer. During this step, the user is then prompted to enter their 24-word passcode.

A scam reported by a customer on Reddit

In order to warn potential victims, a Ledger customer posted a message on Reddit’s r/Ledgerwallet forum. Writing under the pseudonym u/jjrand, the contributor accompanied his message with photos of the letter, the fake user guide, the box and the open key.

This post prompted a reaction from security researcher Mike Grover, who, by comparing the photo of the fake key to that of a real Ledger key, found that the printed circuit board was very different. The fake key aims to retrieve the 24-word passcode and redirect it to a device controlled by the scammers.

The French startup says it has been aware of this scam since May. It issued several warning messages reminding customers that they should never communicate their 24-word passcode and that Ledger never sends a USB flash drive without the request coming from the customer.


The views, thoughts, and opinions expressed in this article belong solely to the author, and should not be taken as investment advice. Do your own research before taking any investment decisions.
© Copyright Cointribune - all rights reserved