Share this article
Scammers Are Sending Ledger Users Fake Hardware Wallets
The fake wallets are an escalation in phishing attempts following a 2020 data breach that exposed 272,000 customer addresses.
Updated Sep 14, 2021, 1:13 p.m. Published Jun 17, 2021, 9:32 p.m.
The 2020 data breach of the hardware wallet company Ledger has taken yet another turn.
STORY CONTINUES BELOW
Scammers are sending fake hardware wallets to people whose data was gathered via a third-party data breach. These fake wallets contain hardware designed to steal the user's crypto.
The scam is an ambitious one. First appearing in May, the scammers mailed packages that contained a fake Ledger Nano wallet to the homes of Ledger users. They soldered a flash drive onto the interior of the fake wallet, and the packages also included a sealed bag with Ledger’s logo on it, and even shrink-wrapping the box itself, to appear as if it were never opened.
In a Ledger blog post Thursday explaining the scam, the company said the box includes a fake letter explaining the “need to replace your existing hardware wallet to secure your funds. This is a scam. The Ledger Nano is fake.”
Read more: Ledger Adds Bitcoin Bounty and New Data Security After Hack
A flash drive with a fake Ledger app is connected to the circuit board, and instructions enclosed with the device tell the recipient to plug in the wallet and run the malicious file. To initialize the device, the user is then asked for their 24-word recovery phrase.
That phrase could then be used to generate the wallet’s private keys, letting the scammer import a wallet and gain access to the funds.
“We are aware of this scam, which we have included in our list of ongoing malicious attacks listed on our website,” Ledger Chief Information Security Officer Matt Johnson told CoinDesk in an email. “You should be suspicious of receiving a free product in the mail that you didn’t order and check Ledger’s official channels or contact Ledger support team.”
Johnson added that Ledger and Ledger Live will never ask users to share their 24-word recovery phrase, that Ledger communicates securely through Ledger Live, never by mail or phone, and that the company would never mail anything to a user's address without their consent.
Read more: From SIM-Swaps to Home-Invasion Threats, Ledger Leak Has Cascading Consequences
This is just the latest volley in a bombardment of scams and phishing attempts faced by Ledger customers whose data was compromised in last year’s breach. Victims have faced everything from phishing emails to even threats of home invasion.
The episode shows the cascading consequences that can happen as a result of data breaches, particularly if a scammer has the time, creativity and soldering ability to capitalize on it.
More For You
What to know:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
ZKsync Lite to Shut Down in 2026 as Matter Labs Moves On
The company framed the move, happening in early 2026, as a planned sunset.
What to know:
- Matter Labs plans to deprecate ZKsync Lite, the first iteration of its Ethereum layer-2 network, the team said in a post on X over the weekend.
- The company framed the move, happening in early 2026, as a planned sunset for an early proof-of-concept that helped validate their zero-knowledge rollup design choices before newer systems went live.
Top Stories
