Some Ledger users have begun to receive new, more “secure” hardware wallets in the mail, supposedly from the company and supposedly designed to protect them from the data breaches that occurred last summer.
This time, the scammers have outdone themselves, producing not only an identical copy of the original packaging of one of the Ledger devices but also a sloppy copy of the Nano X hardware wallet. A Reddit user described the incident, sharing photos of the contents of the box and of the gadget itself.
The funniest thing about this generous "kit" from the scammers was the letter, teeming with spelling and grammatical errors. In it, the unknown senders claimed that the device was intended to fix the "holes" in the security of the previous version of the Nano X, and urged the customer to replace the "outdated" wallet immediately. This only fueled suspicion, given such "care" for users. Moreover, if you look closely, the difference between the original wallet and the fake is visible to the naked eye.
One of the security experts who looked at the photos said that the attackers had added the components of a standard USB drive to the Ledger gadget in order to “deliver” a computer virus to customers. He stressed that the device will most likely work only as a storage device, being an ordinary USB flash drive with the casing removed. The photos also show that the scammers attached four wires, connecting them to the same pin on the USB port, as in the device from Ledger.
Naturally, the kit kindly included an “original” instruction sheet telling the user to connect the new Ledger wallet to a PC and run the bundled application. After that, the user apparently only had to enter the secret phrase to restore the wallet and "import" the data to the new device. In fact, all of this data simply fell into the hands of the intruders.
Ledger reacted to the incident by stating that the team had already received similar messages from other customers in May. The company reminded everyone of the importance of using only software from its official website and of never divulging the phrase used to restore access.
The data breach mentioned by the scammers really did happen: at the end of June 2020, hackers gained access to users' personal data, and in October the database was put up for sale on one of the forums at a price of 5 Bitcoins. At the end of December, however, it was discovered to be publicly available on RaidForums.
The developers decided to join the “game” by announcing a reward of 10 Bitcoins for anyone who helps find the criminals.