Techie buys fake Ledger Nano S+ hardware crypto wallet and almost falls for phishing — a convincing clone would have caught newbies unaware

Cybersecurity professional Joje Mendes discovered a sophisticated counterfeit Ledger Nano S+ hardware wallet that uses malicious software and command-and-control servers to steal cryptocurrency seed phrases and credentials.

Key Points

  • The counterfeit device features an ESP32-S3 system-on-a-chip with scraped markings to hide its true origin.
  • Malicious firmware monitors account balances and exfiltrates sensitive data via a fake, cloned version of the official Ledger website.
  • Users are prompted to download tainted Android, Windows, or macOS applications that track location and harvest private keys.
  • The device was purchased from a major Chinese marketplace at a price point identical to a legitimate Ledger unit.
  • Ledger’s official software successfully identified the hardware as non-genuine, preventing the theft of the user's assets.

Why it Matters

This incident highlights the significant risks associated with purchasing security-critical hardware from unauthorized third-party marketplaces. It serves as a critical reminder that consumers should only buy cryptocurrency wallets directly from manufacturers or verified official resellers to ensure device integrity.

Published by Tom's Hardware UK, editors@tomshardware.com (Bruno Ferreira)