Pages:
Author

Topic: Ledger fake device Warning! - page 3. (Read 575 times)

legendary
Activity: 1498
Merit: 4776
June 17, 2021, 05:52:42 AM
#2
What can be most dangerous is to have a clonned hardware wallet, or the one that has been tamparred with. The one above falls under this category. Entering seed phrase on such fake hardware wallet will surely lead to the attackers to be able to access the seed phrase, even possibly along with the passphrase if included. The question is, how can someone differentiate the origin from the fake? There should be a way. Although, I prefer Trezor which is completely open source, but this data breach can happen to any company that are collecting buyer's data on their database, this should make us careful of the information we are given out.

If Electrum can support more than Bitcoin, it would have been the best approach than given data to the another party, well also a reputed reseller can help, but they can also have a compromised hardware wallet to sell, who knows. Using electrum as a cold storage and having another one as watch-only will not require for any kyc or user's information collection on any database, this has been effective for Bitcoin holding, but users that like to hold other cryptocurrencies  are the ones going for hardware wallet.
legendary
Activity: 2128
Merit: 6871
June 17, 2021, 05:18:29 AM
#1
You probably remember multiple Ledger database leaks that exposed private customer information and addresses for millions of ledger customers, and this is still available in public so both fbi and scammers have all those information.

Scammers have been texting customers, sending them threats with sms, fake emails but their latest trick is even more dangerous because they started to send fake replacement Ledger devices to selected customers even if they didn't order anything.

Attackers even created fake ledger bag and sealed ledger box to match original Ledger Nano X wallet with their own instructions, and sent letter explaining why customer need to replace their wallet.

 

Fake Instructions is asking users connect the Ledger to their computer, than import recovery phrase from their old device, and that is sent to the attackers who imports it on their own devices and steal crypto.



Guy who received this fake ledger opened the device that was later compared with original device and you can see the clear difference inside both front and back as well as some sloppy soldering work.

They added a flash drive inside Ledger case and wired it to the USB connector with the purpose to be used for malware delivery to attackers.

 

This was first reported on ledger reddit by member jjrand who was confirmed victim of data breach, but he was not the only one to receive it.

BEWARE that anyone who ordered ledger wallet before and got his address leaked is in danger of receiving one of this fake devices.

Quote
I have got a package from Ledger although I did not order one. Inside the package, there is a brand new Ledger X and the letter attached. As a victim of the latest Data Breach I have signed up reddit only to post this. Maybe someone from the company can confirm or deny it.

Edit: I am pretty sure it is scam. Here are some more pics. I have also opened the device. You can see the inside of the plastic box. It is definitely tampered !

So beware guys, this is really some next level of scam attempt.
https://www.reddit.com/r/ledgerwallet/comments/o154gz/package_from_ledger_is_this_legit/
Pages:
Jump to: