Scammers Are Now Sending Fake Ledger USB Devices Over Post Mail

Last updated July 6, 2021
Written by:
Bill Toulas
Bill Toulas
Infosec Writer

Scammers who are always on the look for ways to steal cryptocurrency assets from other people are now sending fake Ledger USB devices to customers of the hardware wallet service via post mail. The diligence in the packaging makes the campaign very convincing, as users on Reddit showcase a parcel wrapped in Ledger-branded bags containing a shrinkwrapped device in a box that appears genuine and a letter supposedly signed by the company's CEO Pascal Gauthier.

Source: Reddit
Source: Reddit
Source: Reddit

The actors claim (in the enclosed letter) that the reason for sending the new Nano X is to protect the recipient from the data breach that occurred last year, so it’s supposed to be a security measure. The letter urges the user to switch to the new device to stay safe and explains that the new device has a different “structure” because it has been enhanced for security. By looking at the following comparison made by Bleeping Computer, it becomes obvious that this claim is bogus as the replacement device is of notably inferior quality.

Source: Bleeping Computer

The contained device is supposed to be a “Nano X,” but in reality, it is a modified USB stick made to trick people into giving away their wallet info. The Nano X is a Bluetooth-enabled hardware wallet where people can store their digital assets and use it to verify transactions. As such, it is similar to a real wallet, but for crypto, and so if someone was to steal the user’s recovery phrase, they would have the key needed to steal the wallet.

The scammers enclose some instructions on how to “set up” the new wallet by installing an app and filling the forms with your old recovery phrases. The app then sends this valuable information to the scammers, who are then importing the victim’s wallet on their devices and assuming full control, leaving the rightful owner with no way to recover their crypto.

Actors are still exploiting the appearance of the Ledger customer database that appeared on a hacking forum last December, exposing the names, phone numbers, and home addresses of device holders. The level of sophistication in this post-mail campaign is indicative of the effort that goes into these campaigns, and with crypto prices risen greatly since the start of the year, that’s hardly surprising.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: