Fake Ledger Wallet Scam: counterfeit chip and plaintext seed theft

A Brazil-based cybersecurity researcher reports that fake Ledger wallets are being sold on a Chinese marketplace. The packaging looks real, but when the device is connected and checked with Ledger Live, it fails the "Genuine Check," confirming that it is a fake Ledger unit.

Inside the counterfeit hardware, the researcher found serious red flags. It uses an ESP32-S3 chip with internal flash instead of Ledger’s Secure Element. Firmware analysis shows that the user PIN and seed phrase are stored as plaintext, and that links to attacker-controlled command-and-control (C2) servers are hardcoded.

The attack chain focuses on phishing outside the device. Victims are prompted by a QR code on the packaging to install a fake "Ledger Live" app for Android/iOS/Windows/macOS. The fake app shows a Genuine Check screen that always "passes," then collects wallet setup data and exfiltrates seed phrases to external servers. On Android, the decompiled APK shows stealth behaviour, including covert network requests and background activity that continues after the app is closed.

The researcher stresses that this is not an issue with Ledger’s Secure Element or Genuine Check. For traders, this is mainly a self-custody security risk: account takeovers may rise when users install a fake Ledger wallet. Traders should treat QR links from untrusted sources as hostile and verify hardware and firmware authenticity before use. The report has been submitted to Ledger, and further analysis is planned for Windows, macOS, and iOS.
Neutral
This news does not directly move the price of any particular cryptocurrency. The main impact is on self-custody safety: a fake Ledger wallet can cause the seed phrase to leak and make account takeover possible, which may make retail users more careful about where they get their wallets. In the short term, people may be more cautious about buying hardware wallets and using QR-based setup flows, but it is unlikely to change overall network fundamentals or liquidity. In the long term, this incident may push for stronger verification, faster app/security patches, and more scrutiny of third-party links, which may improve user hygiene after the initial trouble. Overall, traders should treat it as a risk-management alert, not as a bullish or bearish reason for token prices.