Counterfeit Ledger Nano S+ Steals Seed Phrases, Drains Wallets
A Brazil-based security researcher uncovered a counterfeit Ledger Nano S+ scheme that can steal seed phrases and drain funds across ~20 blockchains. The fake device was bought on a Chinese marketplace and shipped with custom malicious firmware plus a cloned or modified Ledger Live app.
Once users enter their seed phrase during setup, the system exfiltrates the data immediately. After a memory dump, the report also found sensitive material (seeds and PINs) captured in plaintext. Hardware indicators were critical: the counterfeit Ledger Nano S+ uses an ESP32-S3 chip instead of the ST33 Secure Element found in genuine devices, and the chip markings were sanded off to hide identification.
The attackers also distributed deceptively packaged apps for Android, Windows (.EXE), macOS (.DMG), and iOS (a TestFlight build), with network-based data exfiltration. The “Genuine Check” can fail or be mimicked because supply-chain compromise may let counterfeit firmware replicate expected behavior. Ledger says only devices with its secret manufacturing key should verify.
Where it’s sold matters for risk: the devices appear on third-party marketplaces (e.g., Amazon third-party sellers, eBay, Mercado Livre, JD, AliExpress), often at suspicious discounts. Red flags include pre-generated seed phrases and instructions to type a seed phrase into an app. The researcher is coordinating with Ledger’s Donjon for a full technical report after Ledger’s internal analysis.
For traders, this is mainly an operational custody risk rather than a direct crypto price catalyst. Still, any mainstream coverage could temporarily pressure sentiment around hardware wallet security and user self-custody—impacting broad demand, not a single token’s fundamentals.
Market impact: Neutral
The incident is highly relevant to custody and operational security because counterfeit Ledger Nano S+ devices and tampered Ledger Live apps can directly lead to irreversible seed phrase theft. However, the news is not tied to a specific on-chain protocol failure or a macro factor that clearly changes the immediate fundamentals of any one cryptocurrency. At most, it can create short-lived negative sentiment toward hardware wallets and self-custody practices, which may mildly affect broader demand for such products rather than token prices. That keeps the expected market impact on crypto itself largely neutral.