The troubles of customers using the services of the popular cryptocurrency wallet Ledger continue. After the security issues last year, users have now complained about receiving fake Ledger replacement devices that actually aim to steal their digital asset holdings.
Fake Ledger Replacements
Founded in 2014, Ledger develops hardware wallets enabling cryptocurrency investors to store their assets on offline devices. The company has enjoyed significant growth in the past several years and especially after the most recent boom in prices.
However, the rise of BTC and other digital assets also caught the attention of bad actors, and Ledger has been involved in a few controversial security breaches that could even lead to legal actions against the company.
It also seems that scammers have decided to take advantage of these breaches through a new scheme. A Reddit user recently complained about receiving a new Ledger Nano X device in the mail in an authentic-looking package.
However, it contained a letter filled with grammatical and spelling errors, which concerned the user, despite the perpetrators’ attempt to link the replacement device with the actual data breach.
“For this reason for security purposes, we have sent you a new device you must switch to a new device to stay safe. There is a manual inside your new box you can read that to learn how to set up your new device. For this reason, we have changed our device structure. We now guarantee that this kinda breach will never happen again.” – reads the fake letter.
Fake Letter Sent to a Ledger User. Source: Reddit
Another Attempt to Steal Crypto
After complaining on Twitter, a security expert spoke to BleepingComputer about the differences between the original Ledger device and the one that the scammers sent.
He explained that the perpetrators have added a flash drive and wired it to the USB connector. He believes the new additions are “with the purpose to be for some sort of malware delivery.”
Keeping in mind that the instructions sent by the customers tell the potential victim to connect the fake Ledger and enter the recovery phase, it’s safe to assume that they intended to steal the digital asset holdings.
In any case, this situation also goes to show how important it is for crypto investors to know how to store their assets safely.