What is the fake Ledger device scam?

A cybersecurity researcher discovered a counterfeit Ledger hardware wallet sold online that was designed to steal crypto. The device looked legitimate but contained modified hardware and firmware to capture sensitive data. It specifically targets users setting up wallets for the first time.

How does the fake Ledger wallet steal crypto?

The scam works by directing users to install a fake Ledger Live app via a QR code included in the box. This app mimics the real interface but tricks users into entering their seed phrase. Once exposed, attackers can access and drain the wallet at any time.

What warning signs revealed the device was fake?

The device failed Ledger’s built-in “Genuine Check,” which is designed to verify authentic hardware. Upon inspection, the researcher found tampered chips and unexpected components like WiFi and Bluetooth antennas. These are not present in legitimate Ledger devices.

Why are first-time crypto users the main target?

New users are less likely to recognise red flags during wallet setup. They may trust packaging, QR codes, and instructions without verifying sources. This makes them more vulnerable to downloading malicious apps and exposing their seed phrases.

What is a seed phrase and why is it critical?

A seed phrase is a set of words that gives full access to a crypto wallet. Anyone with the seed phrase can control and transfer all funds. This is why scammers focus on tricking users into revealing it.

How are scammers making these fake devices look real?

The counterfeit device had packaging and pricing similar to official Ledger products. Internally, however, it had modified components and firmware designed for data capture. This shows a more advanced “supply chain attack” approach rather than simple phishing.

What role does Espressif Systems play in this case?

Firmware analysis showed links to components associated with Espressif Systems, a Chinese semiconductor company. However, there is no confirmed involvement by the company itself. Its technology may have been used without its knowledge.

How common are these types of crypto scams?

Crypto scams are becoming more sophisticated, moving beyond phishing into hardware tampering and fake apps. The article also notes a recent case where over 50 users lost $9.5 million via a fake Ledger Live app. This suggests the threat is growing.

Fake Ledger device scam targets crypto users

Written by Heidi Cuthbert Published Apr. 17 2026

A cybersecurity researcher has uncovered a counterfeit Ledger hardware wallet sold via a Chinese marketplace, designed to steal users’ crypto assets.

The researcher said the device failed Ledger’s “Genuine Check,” prompting further inspection that revealed modified hardware and firmware intended to capture sensitive wallet data.

The scam targets first-time users, often directing them via a QR code to download a fake Ledger Live app that mimics legitimacy while extracting seed phrases.

“This isn't meant to cause panic, but rather to serve as a serious warning — I’m honestly still a bit shaken by the sheer scale of this operation,”

The researcher said.

The investigation found signs of tampering, including altered chips and added WiFi and Bluetooth components, which are not present in genuine Ledger devices designed to keep keys offline.

Firmware analysis pointed to components linked to Espressif Systems, a Shanghai-based semiconductor company, though its role in the counterfeit device remains unclear.

The case highlights rising risks in crypto self-custody, with scammers increasingly using supply chain attacks and fake apps to compromise wallets and steal funds.