Researcher finds counterfeit Ledger Nano S Plus on Chinese site - GNcrypto

A Brazilian security researcher bought a Ledger Nano S Plus on a Chinese marketplace and discovered that it failed Ledger’s Genuine Check and contained modified hardware and firmware intended to capture seed phrases.

A Brazilian security researcher who posts as Past_Computer2901 on Reddit purchased a Ledger Nano S Plus on a Chinese marketplace and found the device was counterfeit. When connected to an existing Ledger Live installation, the device failed Ledger’s built-in Genuine Check.

The packaging and listing matched the official product and the price aligned with Ledger’s store, the researcher wrote. After the Genuine Check failed, the researcher opened the unit and found scraped chip markings and an embedded Wi‑Fi and Bluetooth antenna not present in legitimate Ledger devices.

The researcher said the counterfeit included firmware and hardware modifications intended to capture recovery seed phrases. A QR code in the box redirected buyers to a malicious app that displayed a fake Genuine Check. Users who follow the fake app’s prompts can be tricked into revealing their seed phrases, allowing attackers to access and drain wallets.

He put the device’s chip into boot mode, which initially identified the unit as a Nano S Plus 7704 with a serial number. After the boot sequence completed, another manufacturer name appeared: Espressif Systems, a Shanghai‑based semiconductor company. The researcher reported not receiving an immediate response when attempting to contact the listed manufacturer.


Earlier this month, a fake Ledger Live app reached the Apple App Store through a bait‑and‑switch tactic. More than 50 people were tricked into revealing seed phrases and lost a combined $9.5 million before the app was removed.

The researcher posted a warning on Reddit: “This isn’t meant to cause panic, but rather to serve as a serious warning — I’m honestly still a bit shaken by the sheer scale of this operation.” The post urged buyers to download Ledger Live only from ledger.com, to purchase hardware only from ledger.com, and to stop using any device that fails the Genuine Check.

The findings highlight risks tied to buying hardware wallets outside official channels and to malicious apps that imitate legitimate setup flows. Users are advised to verify purchases, use official firmware and apps, and avoid following setup prompts from unknown sources.
