Scammers are reportedly attempting to steal cryptocurrency wallets from Ledger customers by shipping them fake hardware accompanied by a letter claiming the potential victim’s existing device isn’t secure.
Ledger offers two products, the Nano S and Nano X, that can store the digital keys used to secure crypto wallets. The devices can be used with a variety of cryptocurrencies, are compatible with numerous apps, and are supposed to offer a safe way to manage crypto without compromising too much on convenience. Ledger says on its website that it has sold 1.5 million products to customers in 165 countries to date.
This particular victim decided to take a closer look at the modified Nano X, and discovered that it contained a flash drive that isn’t present on the actual hardware. That drive would most likely be used to install malware designed to compromise the Ledger recovery phrase and therefore the private key used to secure the wallet so the scammers could then steal the victim’s cryptocurrency.
Ledger acknowledged these efforts on a section of its website dedicated to tracking phishing campaigns. “This is a scam. A Ledger Nano is not a USB device. It does not contain any application to download and install on your computer. The only way to download the Ledger Live app is by using the official download page,” it said. “Plus, Ledger and Ledger Live will never ask you to share your 24-word recovery phrase.”
The company also provides a guide to checking the integrity of Ledger Nano X-branded hardware. That guide includes pictures of the device’s PCB, its root of trust, and other information that can be used to make sure the device hasn’t been compromised.It’s probably worth following that guide for every Nano X, even if it was legitimately ordered.