A Brazilian security researcher has warned crypto users after finding a fake Ledger wallet sold through a Chinese marketplace.
The counterfeit device looked real, matched the official price, and came in convincing packaging. However, the wallet failed Ledger’s built in Genuine Check once it connected to the official Ledger Live app.
Stay ahead in the crypto world – follow us on X for the latest updates, insights, and trends!🚀
The researcher, who posted on Reddit as “Past_Computer2901” in the “ledgerwallet” channel, said the device was bought for personal use. After the failed check, the researcher opened the wallet and found modified hardware and firmware.
The findings showed that the counterfeit Ledger device had been prepared to capture wallet data and help attackers steal crypto funds.
The case adds to a wider pattern of crypto wallet scam operations targeting self custody users. These attacks often rely on fake apps, supply chain abuse, and social engineering. In this case, the fake Ledger wallet appears to have been designed to fool new users during setup.
Fake Ledger Wallet Fails Genuine Check
The fake Ledger wallet was listed as a Ledger Nano S Plus on a Chinese marketplace. According to the researcher, the price matched the official Ledger store. Also, the product listing and the packaging looked legitimate at first sight, which made the device appear trustworthy.
The problem appeared when the researcher connected the device to the real Ledger Live app already installed on their computer. The wallet failed the Genuine Check, which is Ledger’s security test used to confirm whether a device is authentic. That result pushed the researcher to inspect the wallet more closely.
After opening the device, the researcher found signs of tampering. These included scraped chip markings and an embedded WiFi and Bluetooth antenna. A legitimate Ledger wallet is built to keep private keys offline. Because of that, the added hardware raised immediate concern.
Counterfeit Ledger Device Used Fake Ledger Live Setup
The researcher said the counterfeit Ledger device appears to target first time buyers.
The box reportedly included a QR code that would likely send users to download a malicious version of Ledger Live. That app would then show a fake Genuine Check and guide the user through a setup controlled by the scammers.
As a result, users could be pushed to enter their seed phrase into a fraudulent interface. Once attackers obtain a seed phrase, they can access the wallet and drain the funds. That is why this crypto wallet scam could be especially dangerous for users who have never set up a Ledger before.
The researcher described the case in a Reddit post and wrote: “This isn’t meant to cause panic, but rather to serve as a serious warning — I’m honestly still a bit shaken by the sheer scale of this operation.” The post kept the focus on how the scam worked and how closely the device copied a real Ledger Nano S Plus.
Fake Ledger Firmware Points to Espressif Systems
The researcher also reviewed the firmware inside the fake Ledger wallet. After putting the chip into boot mode, the device first identified itself as a Nano S Plus 7704 and showed an attached serial number. That early identification suggested the counterfeit was built to mimic a genuine Ledger during startup.
However, the result changed once the boot sequence finished. According to the researcher, another manufacturer name appeared: Espressif Systems. The report described Espressif Systems as a publicly listed Chinese semiconductor company based in Shanghai.
Cointelegraph said it contacted Espressif for comment but did not receive an immediate response. The appearance of the company name in the firmware did not change the main finding: the device sold as a Ledger wallet was not genuine and had been altered.
Ledger Scam Follows Earlier Fake App Theft Case
The new Ledger scam surfaced only weeks after another attack linked to the brand. Earlier this month, more than 50 victims entered their seed phrases into a fake Ledger Live app that reached the Apple App Store through a bait and switch method. Those victims lost a combined $9.5 million before Apple removed the malicious app.
That earlier case and this new counterfeit Ledger device both show how attackers are using familiar wallet tools to target crypto holders. In both cases, the goal was the same: get access to the user’s recovery phrase and then steal funds.
The researcher ended the Reddit post with a direct warning:
“Stay safe out there. Only download Ledger Live from ledger.com. Only buy hardware from ledger.com.”
The post also added:
“If your device fails the Genuine Check — stop using it immediately.”
Tatevik Avetisyan is an editor at Kriptoworld who covers emerging crypto trends, blockchain innovation, and altcoin developments. She is passionate about breaking down complex stories for a global audience and making digital finance more accessible.
📅 Published: April 17, 2026 • 🕓 Last updated: April 17, 2026
Disclosure:This article does not contain investment advice or recommendations. Every investment and trading move involves risk, and readers should conduct their own research when making a decision.
Kriptoworld.com accepts no liability for any errors in the articles or for any financial loss resulting from incorrect information.
