Scam Warning: Fake Crypto Hardware Wallets Sent to Ledger Customers

Last year, hardware wallet provider Ledger suffered an internal breach of security resulting in the exposure of 250,000 to 1,000,000 customer email addresses. In some cases, the information leaked included full names and addresses. A class action is under way, but the after-effects linger.

Initial Concern Regarding Bad Actors

Since self-custody and privacy remain crypto’s greatest drawcards, the initial concern was that the information would be used by malicious actors to separate users from their crypto holdings.

Within a short space of time, Reddit users described various phishing attempts (such as links to the “latest software upgrade”) and death threats (so-called “$5 wrench attacks”). At the time, users quite reasonably began asking questions as to whether or not Ledger was a secure hardware wallet.

Unsurprisingly, once leaked private information becomes available in the public domain, the consequences are likely to linger. Ledger’s 2020 data breach is no different as the ramifications persist.


Latest Fraudster Activity

Recently, Ledger customers have revealed a new and sophisticated effort by fraudsters involving fake hardware wallets being sent to exposed Ledger customers’ addresses.

Overlooking the fact that Ledger is unlikely to ever send a “new” unsolicited hardware device to its users (much less one that is unsealed/damaged), the clear giveaway in this instance was a single use of slang in the letter:

… For this reason, we have changed our device structure. We now guarantee that this kinda [emphasis intentionally added] breach will never happen again.

Extract from fake Ledger letter

In addition to examples such as that outlined above, some users have also described fake hardware being sent with a pre-installed recovery seed:

How to Avoid Getting Scammed

Unfortunately, scammers continue to thrive and innovate within the crypto space. In 2020 alone, Australians lost $26 million in Bitcoin to scams.

The good news, however, is that there are some basic principles within the domain of hardware wallets that dramatically reduce the prospects of being scammed:

  • Only buy hardware directly from the manufacturer or authorised reseller
  • Never buy a used device
  • Make sure the packaging has not been tampered with
  • When starting the device up, make sure there aren’t any error messages that could be evidence of tampering
  • Remember that no hardware wallet comes pre-installed with a 24-word recovery phrase.


José Oramas

José Oramas

José is a journalist and translator with a keen interest in blockchain and cryptocurrencies.

You may also like