Scammers Using Tampered Ledger Devices to Steal Cryptocurrency

Tampered Ledger Devices

Ledger, a hardware cryptocurrency wallet vendor, has become a popular target among scammers lately due to rising cryptocurrency prices. Security experts have uncovered a scam involving the delivery of fake replacement devices to Ledger customers to steal cryptocurrency.


What has happened?

In a recent post on Reddit, a Ledger user shared details about receiving a device lookalike to Ledger Nano X in a random mailing.

  • The device came in duplicate packaging with a badly written letter explaining that the device is a replacement for the existing one because its data was exposed in a breach.
  • The information of 272,853 people who purchased a Ledger device was indeed published on RaidForums last December, making the claim believable.
  • After becoming suspicious of the device, some of the victims opened it and shared photos of Ledger’s printed circuit board that showed how the device was modified.


How does it work?

According to the researchers, a flash drive was added to the device possibly to trigger malware delivery action.

  • The flash drive could be seen attached to the USB connector of the Ledger device via four wires.
  • Further, the package contained enclosed instructions that direct the person to connect the Ledger and run an enclosed application.
  • It then expects victims to fill forms with their Ledger recovery phrases, which will import their wallet to the new device.​
  • As soon as the credentials are submitted, they reach the attackers who then get control of the victims’ wallets for stealing funds.



Cryptocurrency provides pseudonymity to threat actors, making attacks easier to conduct and profit from. There are several different scams out there. Customers using Ledger devices are recommended to beware of any unwanted email, package, or text. In addition, they need to stay cautious of phishing attempts that impersonate Ledger’s website.