Security researchers and the crypto community are sounding the alarm over a sophisticated new wave of counterfeit Ledger hardware wallets being mass-sold on Chinese marketplaces like AliExpress, Taobao, and Tmall. These fake devices look nearly identical to genuine Ledger Nano S Plus and Ledger Nano X, but contain hidden backdoors designed to steal users’ seed phrases.
The counterfeit wallets feature modified chips, added Wi-Fi and Bluetooth modules, and custom firmware linked to the Chinese company Espressif Systems — the maker of popular ESP32 microcontrollers. Once set up, the compromised device can silently exfiltrate the user’s recovery phrase without any obvious signs of tampering.
How the Fake Ledger Devices Work
According to independent security researcher StackZero and multiple on-chain analysts, the malicious firmware is designed to:
- Capture the seed phrase during the wallet initialization process.
- Transmit the stolen data via hidden Wi-Fi or Bluetooth connection.
- Allow attackers to drain funds at any moment, even months after purchase.
The devices are being sold at heavily discounted prices (often 30–60% cheaper than official Ledger products), making them especially attractive to new users and cost-conscious buyers.This is not the first major Ledger-related scam. In 2024–2025, fraudsters used a fake Ledger Live application to steal approximately $9.5 million from victims who entered their seed phrases into the malicious software.
Key Red Flags and Expert Advice
Ledger’s official security team and community moderators strongly recommend the following:
- Buy only from official sources — Ledger’s website, authorized resellers, or trusted retailers like Amazon (verified seller).
- Never buy from third-party Chinese marketplaces if the price seems too good to be true.
- Always run Genuine Check immediately after unboxing using the official Ledger Live app.
- Verify firmware version and check for any unexpected Wi-Fi or Bluetooth behavior.
- Never enter your seed phrase into any software or website — even if prompted.
Ledger has confirmed it is actively investigating the latest batch of counterfeits and working with marketplaces to remove fraudulent listings.
Why This Scam Is Particularly Dangerous
Unlike phishing attacks that rely on user error, these hardware fakes compromise the device at the physical level. Even experienced users who follow best practices (such as buying “used” or “refurbished” devices) are at high risk.
The addition of wireless modules (Wi-Fi + Bluetooth) is especially concerning, as legitimate Ledger devices do not include these features in their core security architecture.
At Quickex, we strongly advise all hardware wallet users to treat security as a non-negotiable priority. Self-custody is powerful, but only when the hardware itself is genuine and uncompromised.
Safety Tips for Ledger and Other Hardware Wallets
- Purchase directly from the manufacturer whenever possible.
- Perform the Genuine Check immediately upon receipt.
- Use the device in an offline environment during seed generation.
- Consider air-gapped signing for large holdings.
- Regularly monitor connected addresses for suspicious activity.
The rise of these sophisticated counterfeit devices highlights an uncomfortable truth in 2026: as hardware wallets become more popular, so do the efforts by sophisticated actors to compromise them.
Stay safe, stay vigilant, and always verify before you trust.