Fake hardware wallets are reportedly being mailed to Ledger customers by scammers to facilitate their scheme in stealing private seeds.
A Reddit user shared a related experience, saying he received a package that was supposedly sent by Ledger due to its legit-looking Ledger Nano X. The package also included a letter saying their current wallet was compromised, stressing the need to replace it with a new one.
“For security purposes, we have sent you a new device. You must switch to a new device to stay safe. There is a manual inside your new box. You can read that to learn how to set up your new device,” the letter said.
A potential malware delivery
The package that was mailed allegedly arrived with instructions to set up a new cryptocurrency wallet with the private key.
However, further inspection revealed the hardware that was mailed was a modified version of the original Nano X, containing a series of different connections inside the device.
Security consultant Mike Grover offered some insights on the matter and said, “This seems to be a simple flash drive strapped on to the Ledger with the purpose to be some sort of malware delivery.”
In dealing with this new elaborate fraudulent scheme, Ledger has updated its phishing campaign page in order to alert users of this particular modus operandi.
Last year, the company already suffered two major data leaks. The first one happened back in July 14 when an identified external entity accessed 1 million emails and 9,500 addresses from its users.
Meanwhile, last December 20, the information was leaked on the internet for free, making Ledger users deal with a series of phishing and scam attacks perpetrated via mail.
Image courtesy of Cointelegraph News/YouTube