Scammers Are Now Sending Fake Ledger USB Devices Over Post Mail

  • Ledger phishing campaigns are getting increasingly sophisticated and elaborate, as Reddit users report.
  • Some people report receiving “Nano X” replacements via post mail, with everything appearing legit.
  • The actors are looking to steal the current recovery phrases that will allow them to take over crypto wallets.

Scammers who are always on the look for ways to steal cryptocurrency assets from other people are now sending fake Ledger USB devices to customers of the hardware wallet service via post mail. The diligence in the packaging makes the campaign very convincing, as users on Reddit showcase a parcel wrapped in Ledger-branded bags containing a shrinkwrapped device in a box that appears genuine and a letter supposedly signed by the company's CEO Pascal Gauthier.

Source: Reddit
Source: Reddit
Source: Reddit

The actors claim (in the enclosed letter) that the reason for sending the new Nano X is to protect the recipient from the data breach that occurred last year, so it’s supposed to be a security measure. The letter urges the user to switch to the new device to stay safe and explains that the new device has a different “structure” because it has been enhanced for security. By looking at the following comparison made by Bleeping Computer, it becomes obvious that this claim is bogus as the replacement device is of notably inferior quality.

Source: Bleeping Computer

The contained device is supposed to be a “Nano X,” but in reality, it is a modified USB stick made to trick people into giving away their wallet info. The Nano X is a Bluetooth-enabled hardware wallet where people can store their digital assets and use it to verify transactions. As such, it is similar to a real wallet, but for crypto, and so if someone was to steal the user’s recovery phrase, they would have the key needed to steal the wallet.

The scammers enclose some instructions on how to “set up” the new wallet by installing an app and filling the forms with your old recovery phrases. The app then sends this valuable information to the scammers, who are then importing the victim’s wallet on their devices and assuming full control, leaving the rightful owner with no way to recover their crypto.

Actors are still exploiting the appearance of the Ledger customer database that appeared on a hacking forum last December, exposing the names, phone numbers, and home addresses of device holders. The level of sophistication in this post-mail campaign is indicative of the effort that goes into these campaigns, and with crypto prices risen greatly since the start of the year, that’s hardly surprising.

How to Watch Interior Design Masters Season 4 Online from Anywhere
Fans of this reality show, which offers ambitious designers a chance to demonstrate their abilities and pursue their dreams of becoming professional...
How to Watch Rock The Block Season 4 Online: Stream the Renovation Series from Anywhere
Rock the Block, the smash hit home remodeling contest series, is back for its most fantastic season ever! The new six-episode season...
How to Watch Spring Baking Championship Season 9 Online: Stream the Cooking Competition from Anywhere
There’s no better way to welcome spring with some freshly baked goods, and that’s precisely how we’ll usher in the good weather...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari