Coindesk Logo

Scammers Are Sending Ledger Users Fake Hardware Wallets

Scammers Are Sending Ledger Users Fake Hardware Wallets

Scammers Are Sending Ledger Users Fake Hardware Wallets

The fake wallets are an escalation in phishing attempts following a 2020 data breach that exposed 272,000 customer addresses.

The fake wallets are an escalation in phishing attempts following a 2020 data breach that exposed 272,000 customer addresses.

The fake wallets are an escalation in phishing attempts following a 2020 data breach that exposed 272,000 customer addresses.

AccessTimeIconJun 17, 2021, 9:32 PM
Updated Aug 21, 2021, 7:08 PM

Presented By Icon

Election 2024 coverage presented by

Stand with crypto

The 2020 data breach of the hardware wallet company Ledger has taken yet another turn. 

Scammers are sending fake hardware wallets to people whose data was gathered via a third-party data breach. These fake wallets contain hardware designed to steal the user's crypto. 

The scam is an ambitious one. First appearing in May, the scammers mailed packages that contained a fake Ledger Nano wallet to the homes of Ledger users. They soldered a flash drive onto the interior of the fake wallet, and the packages also included a sealed bag with Ledger’s logo on it, and even shrink-wrapping the box itself, to appear as if it were never opened. 

In a Ledger blog post Thursday explaining the scam, the company said the box includes a fake letter explaining the “need to replace your existing hardware wallet to secure your funds. This is a scam. The Ledger Nano is fake.”

A flash drive with a fake Ledger app is connected to the circuit board, and instructions enclosed with the device tell the recipient to plug in the wallet and run the malicious file. To initialize the device, the user is then asked for their 24-word recovery phrase.

That phrase could then be used to generate the wallet’s private keys, letting the scammer import a wallet and gain access to the funds.

“We are aware of this scam, which we have included in our list of ongoing malicious attacks listed on our website,” Ledger Chief Information Security Officer Matt Johnson told CoinDesk in an email. “You should be suspicious of receiving a free product in the mail that you didn’t order and check Ledger’s official channels or contact Ledger support team.”

Johnson added that Ledger and Ledger Live will never ask users to share their 24-word recovery phrase, that Ledger communicates securely through Ledger Live, never by mail or phone, and that the company would never mail anything to a user's address without their consent.

This is just the latest volley in a bombardment of scams and phishing attempts faced by Ledger customers whose data was compromised in last year’s breach. Victims have faced everything from phishing emails to even threats of home invasion.

The episode shows the cascading consequences that can happen as a result of data breaches, particularly if a scammer has the time, creativity and soldering ability to capitalize on it. 

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information have been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. CoinDesk has adopted a set of principles aimed at ensuring the integrity, editorial independence and freedom from bias of its publications. CoinDesk is part of the Bullish group, which owns and invests in digital asset businesses and digital assets. CoinDesk employees, including journalists, may receive Bullish group equity-based compensation. Bullish was incubated by technology investor Block.one.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.