Published On: Fri, 17 Apr 2026 06:11:59 GMT

Security researcher finds large-scale fake Ledger wallets on Chinese marketplaces

A security researcher finds a scam of fake Ledger wallets on Chinese marketplaces designed to steal users’ seed phrases and funds.

Arushi Garg News

Apr 17, 2026, 6:11 AM UTC

Author: Arushi Garg

Low Attention

Overheated

HypeMeter

High attention and emotional sentiment detected.

17 April, 2026: A Brazilian security researcher has uncovered a large-scale operation selling counterfeit Ledger Nano S Plus devices on major Chinese e-commerce platforms.

In a post on X, researcher revealed that the fake devices closely mimic genuine Ledger wallets, including packaging and branding. However, the hardware is compromised. The devices use low-cost ESP32 chips and malicious firmware that captures seed phrases and PINs in plain text. The data is then transmitted to attacker-controlled servers across approximately 20 blockchains, according to the researcher’s analysis.

“These devices look identical to original Ledger wallets but are designed to steal seed phrases immediately during setup,” the researcher wrote in the linked post. The researcher’s findings are based on hands-on testing of a purchased device and reverse engineering of its internal components.

High Signal Summary For A Quick Glance

📌 Key Takeaways 👥 Who Is Impacted 📊 Implications

A researcher uncovered large-scale fake Ledger Nano S Plus devices on Chinese marketplaces.
Counterfeit wallets look identical but use malicious firmware to capture seed phrases.
What changes: Users must verify purchase sources and avoid unofficial sellers.
What stays the same: Genuine Ledger devices from official channels remain secure.

Retail traders are most affected, especially those buying from unofficial marketplaces.
Long-term holders face high risk as compromised devices can drain funds across multiple chains.
Institutions see moderate impact with added scrutiny despite secure custody setups.
Builders face pressure to improve user education and hardware verification tools.

The Talk

Real voices. Real reactions.

KOLs

Media

Community

@TFTC21 Yeah, buy only from the manufacturer which then proceeds to leak their customer database. Don't use Ledger, period.

A security researcher just documented a large-scale counterfeit Ledger Nano S Plus operation selling compromised devices across multiple online marketplaces. The fake units look identical to the real thing but contain completely different hardware. Instead of Ledger's secure https://t.co/6ZfP9pJkUU

01:20 AM·Apr 17, 2026

@TFTC21 The part that should keep people up at night: the genuine check can be bypassed if the hardware is compromised at the source. The one safeguard people rely on to verify their device is useless against the exact attack it was designed to catch. This is not a flaw in Ledger's

12:53 AM·Apr 17, 2026

@TFTC21 @FBI @FBIDirectorKash this is serious stuff. These guys are scamming people of millions. The FBI didn’t even reply my email when I sent all the evidence of theft that happened to us.

12:18 AM·Apr 17, 2026

Apr 17, 2026

Chinese Professor With 2M YouTube Subscribers Says CIA Created Bitcoin

Apr 16, 2026

Drift Protocol Relaunches with $150M Tether Partnership

Apr 16, 2026

Rhea Finance Exploited for $7.6M via Fake Token Attack

Apr 16, 2026

Bitcoin Developers Propose Freezing Early BTC Addresses

Fetching related reads

🟢 Short term: Neutral market impact as this is a supply-chain scam

🟡 Long term: Weakens trust in hardware wallets bought outside official channels

🔴 Key risk: Compromised devices can leak seed phrases and cause total fund loss

How the Fake Ledger Nano S+ Was Discovered

The researcher purchased a heavily discounted “Ledger Nano S+” from a Chinese marketplace after noticing suspicious listings.

Upon inspection, the researcher found the device uses a low-cost ESP32 IoT chip instead of Ledger’s secure element. Original chip markings had been physically altered. The firmware, labeled “Nano S+ V2.1,” was identified as malicious and designed to extract sensitive data, according to the researcher’s analysis. This follows previous reporting on hardware wallet vulnerabilities and supply-chain risks, reinforcing concerns around third-party sellers.

Genuine vs Counterfeit

How counterfeit Ledger Nano S+ devices differ from genuine hardware wallets at a security level

Hardware Chip

Official secure element chip ↑

Cheap ESP32 IoT chip ↓

Firmware

Official Ledger firmware ↑

Malicious custom firmware (“Nano S+ V2.1”) ↓

Seed Phrase & PIN Storage

Stored securely inside hardware enclave ↑

Stored in plain text ↓

Data Transmission

Secure and encrypted communication ↑

Automatically transmits seed phrases to attacker servers ↓

Packaging & Appearance

Official branding and holograms ->

Highly convincing professional packaging ->

Price

Full retail price

40–60% discount on gray markets ↑

Risk Level

Safe when purchased from official channels ↑

Extremely high risk — funds drained across chains ↓

Why It Matters

Security relies on trusted hardware and firmware

Counterfeits completely break the self-custody model ↓

Fake Devices Sold Across Major Chinese Platforms

Sellers listed counterfeit Ledger devices on platforms including Taobao, AliExpress, and Pinduoduo. Listings featured professional images and near-identical product descriptions to legitimate devices.

According to the researcher, the firmware also includes a backdoor mechanism that enables continued remote access after setup. The researcher warned this represents a shift from phishing attacks to physical supply-chain compromise at scale. Ledger did not respond to a request for comment by publication time.

Tweet not available.

What Ledger Users Should Watch For

Users should monitor Ledger’s official response, including any verification tools or warnings tied to specific listings. The scale of the scam remains unclear, including how many compromised devices have been sold.

Further developments may include enforcement action against sellers and new community-led verification guides to help users confirm device authenticity before setup.

Frequently Asked Questions

What did the security researcher discover?

A Brazilian security researcher uncovered a large-scale operation selling sophisticated counterfeit Ledger hardware wallets on major Chinese e-commerce marketplaces.

How do the fake Ledger wallets work?

The counterfeit devices use a cheap ESP32 chip and malicious firmware to capture seed phrases and PINs in plain text, then send that data to attacker-controlled servers.

How realistic are the fake Ledger devices?

The fake wallets reportedly look nearly identical to genuine Ledger Nano S+ devices, including professional-looking packaging and branding.

Which blockchains are affected by these fake wallets?

The malicious firmware can reportedly steal assets across approximately 20 different blockchains.

What should users who bought a Ledger from unofficial sources do?

Users who purchased Ledger devices from unofficial Chinese marketplaces should immediately stop using them and move their funds to a secure wallet.

Are official Ledger wallets from the Ledger website safe?

Genuine Ledger hardware wallets purchased directly through official channels remain secure and unaffected by this counterfeit wallet scam.

Editorial Note

Our Crypto Talk is committed to unbiased, transparent, and true reporting to the best of our knowledge. This news article aims to provide accurate information in a timely manner. However, we advise the readers to verify facts independently and consult a professional before making any decisions based on the content since our sources could be wrong too. Check our Terms and conditions for more info.

Join Our Telegram Community

NEWS

OPINION/RESEARCH

FEATURES

ABOUT US

Security researcher finds large-scale fake Ledger wallets on Chinese marketplaces

The Talk

Read Other News articles

Fetching related reads

Read Other News articles

How the Fake Ledger Nano S+ Was Discovered

Genuine vs Counterfeit

Fake Devices Sold Across Major Chinese Platforms

What Ledger Users Should Watch For

Frequently Asked Questions

Editorial Note

In this article

Related reads

Related reads

Related reads

Related reads