Fake Ledger Wallets With Hidden WiFi Chips Surface on Chinese Marketplaces
Peter Zhang Apr 17, 2026 06:55
Security researcher exposes counterfeit Ledger devices with embedded wireless antennas designed to steal crypto. Comes days after $9.5M fake app losses.
Counterfeit Ledger hardware wallets rigged with hidden WiFi and Bluetooth antennas are being sold on Chinese marketplaces at official retail prices, according to a Brazilian security researcher who purchased one for personal use and nearly fell victim to the scheme.
The discovery, posted to Reddit on April 16 under the handle "Past_Computer2901," reveals a supply chain attack targeting first-time hardware wallet buyers. The fake device passed visual inspection but failed Ledger's built-in authenticity verification when connected to the legitimate Ledger Live app.
"This isn't meant to cause panic, but rather to serve as a serious warning — I'm honestly still a bit shaken by the sheer scale of this operation," the researcher wrote.
Inside the Counterfeit Device
After the device failed Ledger's Genuine Check, the researcher disassembled it. What they found was alarming: scraped chip markings and wireless communication hardware embedded inside a unit that should operate entirely offline.
Legitimate Ledger products keep private keys air-gapped from internet-connected systems. The addition of WiFi and Bluetooth capabilities suggests the counterfeit device could transmit stolen seed phrases to attackers remotely.
Digging into the firmware revealed more red flags. While the device initially identified itself as a Nano S Plus 7704 with a valid-looking serial number, the boot sequence exposed the actual manufacturer: Espressif Systems, a Shanghai-based semiconductor company with no connection to Ledger's supply chain.
Cointelegraph reached out to Espressif for comment but received no immediate response.
The Attack Vector
The scam specifically targets buyers unfamiliar with Ledger's ecosystem. A QR code included in the packaging directs users to download a malicious version of Ledger Live rather than the official app from ledger.com.
This fake app displays a spoofed "Genuine Check" that appears to validate the counterfeit hardware. Users who continue through the setup process eventually enter their seed phrases, giving attackers complete access to drain funds at any time.
Part of a Broader Wave
The counterfeit hardware discovery comes just days after a separate Ledger-related attack made headlines. On April 14, blockchain investigator ZachXBT reported that a fake Ledger Live app distributed through Apple's App Store had stolen $9.5 million from more than 50 victims before Apple removed it.
That attack used a bait-and-switch strategy to bypass App Store review, initially appearing as a legitimate productivity app before updating to mimic Ledger's official software.
Together, these incidents highlight how scammers are investing significant resources to compromise users who choose self-custody over centralized exchanges. The counterfeit hardware operation required manufacturing custom PCBs, embedding wireless components, developing modified firmware, and creating convincing packaging — a substantial operation suggesting organized criminal involvement.
Protecting Yourself
The researcher's advice is straightforward: purchase hardware wallets exclusively from official manufacturer websites, download companion apps only from verified sources, and treat any device that fails authenticity checks as compromised.
"If your device fails the Genuine Check — stop using it immediately," they warned.
For the Ledger Nano S Plus, which retails between $59 and $85, the pricing on the Chinese marketplace matched official rates — meaning buyers had no discount-based warning signs to tip them off before purchase.
Image source: Shutterstock.jpg)