{"id":26139,"date":"2026-04-17T08:36:41","date_gmt":"2026-04-17T08:36:41","guid":{"rendered":"https:\/\/bitunikey.com\/news\/researcher-uncovers-fake-ledger-nano-s-modified-to-siphon-crypto-assets\/"},"modified":"2026-04-17T08:36:47","modified_gmt":"2026-04-17T08:36:47","slug":"researcher-uncovers-fake-ledger-nano-s-modified-to-siphon-crypto-assets","status":"publish","type":"post","link":"https:\/\/bitunikey.com\/news\/researcher-uncovers-fake-ledger-nano-s-modified-to-siphon-crypto-assets\/","title":{"rendered":"Researcher uncovers fake Ledger Nano S modified to siphon crypto assets"},"content":{"rendered":"<div class=\"post-detail__content blocks\">\n<p>A Brazilian security researcher has uncovered a sophisticated counterfeit Ledger device operation after discovering modified hardware designed to siphon cryptocurrency from unsuspecting users.<\/p>\n<div id=\"cn-block-summary-block_0f46a009f420519758558f8c001df461\" class=\"cn-block-summary\">\n<div class=\"cn-block-summary__nav tabs\">\n        <span class=\"tabs__item is-selected\">Summary<\/span>\n    <\/div>\n<div class=\"cn-block-summary__content\">\n<ul class=\"wp-block-list\">\n<li>A Brazilian security researcher identified a sophisticated hardware compromise in a counterfeit Ledger Nano S Plus that utilized modified firmware to capture user recovery phrases.<\/li>\n<li>Physical inspections of the fraudulent device revealed the addition of unauthorized WiFi and Bluetooth components alongside a secondary manufacturer\u2019s chip hidden beneath scraped markings.<\/li>\n<li>The operation relies on a deceptive QR code included in the packaging to lure users into downloading a malicious application designed to bypass official security checks.<\/li>\n<\/ul><\/div>\n<\/div>\n<p><!-- .cn-block-summary --><\/p>\n<p>The security researcher, known online as \u201cPast_Computer2901,\u201d <a rel=\"nofollow\" target=\"_blank\" 
href=\"https:\/\/www.reddit.com\/r\/ledgerwallet\/comments\/1sn0hk0\/update_fake_ledger_nano_s_from_chinese\/\" target=\"_blank\">shared<\/a> findings on Reddit after purchasing what appeared to be a standard Ledger Nano S Plus from a Chinese marketplace.\u00a0<\/p>\n<p>Despite the packaging and price point matching official retail standards, the unit failed a \u201cGenuine Check\u201d when connected to the authentic Ledger Live desktop application.\u00a0<\/p>\n<p>This red flag led to a physical teardown of the device, revealing that the internal circuitry had been altered to include WiFi and Bluetooth antennas\u2014features entirely absent from the legitimate model.<\/p>\n<h2 class=\"wp-block-heading\">Hardware manipulation and malicious redirects<\/h2>\n<p>Scammers are utilizing these tampered devices to exploit first-time buyers through a deceptive setup process.\u00a0<\/p>\n<p>A QR code included in the packaging directs users to a fraudulent version of the Ledger Live app, which is programmed to bypass security warnings and issue a fake verification of the hardware\u2019s authenticity.\u00a0<\/p>\n<p>    <!-- .cn-block-related-link --><\/p>\n<p>Once a user follows the prompts to generate or enter a seed phrase, the compromised firmware captures the data, allowing the attackers to drain the wallet at will.<\/p>\n<p>\u201cThis isn\u2019t meant to cause panic, but rather to serve as a serious warning \u2014 I\u2019m honestly still a bit shaken by the sheer scale of this operation,\u201d the researcher noted.<\/p>\n<p>Internal analysis of the unit showed that the scammers went to great lengths to hide the fraud, including scraping off original chip markings.<\/p>\n<figure class=\"wp-block-image size-large\"><\/figure>\n<p>Counterfeit Ledger device. 
Source: Reddit.\u00a0<\/p>\n<p>While the device initially identified itself as a Nano S Plus 7704 during the boot phase, the final sequence revealed the manufacturer as Espressif Systems, a Shanghai-based semiconductor firm.\u00a0<\/p>\n<p>These modifications fundamentally break the security premise of Ledger products, which are built to keep private keys in a strictly offline environment.<\/p>\n<p>The discovery follows a separate incident earlier this month where a fraudulent app bypassed Apple App Store security via a bait-and-switch tactic. The malicious software successfully tricked over 50 people into revealing their recovery phrases, resulting in the theft of $9.5 million before the platform removed the listing.<\/p>\n<p>\u201cStay safe out there. Only download Ledger Live from ledger.com. Only buy hardware from ledger.com. If your device fails the Genuine Check \u2014 stop using it immediately,\u201d the researcher cautioned.<\/p>\n<p>As previously reported by crypto.news, scammers have also targeted Ledger customers using a fake Ledger app.<\/p>\n<p>    <!-- .cn-block-related-link --><\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>A Brazilian security researcher has uncovered a sophisticated counterfeit Ledger device operation after discovering modified hardware designed to siphon cryptocurrency from unsuspecting users. 
Summary A Brazilian security researcher identified a&hellip;<\/p>\n","protected":false},"author":1,"featured_media":26140,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-26139","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cryptocurrency"],"_links":{"self":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/26139","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/comments?post=26139"}],"version-history":[{"count":1,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/26139\/revisions"}],"predecessor-version":[{"id":26141,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/26139\/revisions\/26141"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media\/26140"}],"wp:attachment":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media?parent=26139"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/categories?post=26139"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/tags?post=26139"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}