TL;DR
- A fake Ledger wallet sold on an online marketplace contained a hidden extra chip and malicious firmware
- The device was designed to steal the user's seed phrase and PIN immediately upon use
- The attack is a classic supply chain attack — the device is compromised before it reaches the buyer
- Experts warn: always buy from official channels and verify the device upon setup

Counterfeit Hardware Wallet Uncovered with Hidden Stealing Chip
A fake version of Ledger's popular hardware wallet has been exposed after security researchers discovered that the device contained an unauthorized microchip and manipulated firmware, according to CryptoPotato. The intent was simple and alarming: to steal the user's seed phrase and PIN code the moment they are entered.
The device was sold through an online marketplace and appeared identical to genuine Ledger products. This makes it particularly dangerous, as even experienced crypto users can be deceived.

What is a Supply Chain Attack?
This attack is what is commonly known as a supply chain attack. Instead of hacking into a user's computer or wallet after purchase, the device itself is compromised during the production, packaging, or distribution stages.
The result is that the user never stands a chance: from the very first moment, the wallet is a Trojan.

History Shows This Is Not an Isolated Incident
This is not the first time Ledger-related infrastructure has been misused. In December 2023, the Ledger Connect Kit — a JavaScript library used by third-party DeFi applications — was attacked via a compromised npm package. According to security reports, the attack resulted in losses of between $484,000 and $600,000 in just five hours.
In March 2025, Ledger's internal security unit, Donjon, uncovered a vulnerability in older Trezor Safe 3 models, where physical access combined with a weak PIN could potentially be exploited to bypass security mechanisms.
In 2023, a fake Ledger application was also discovered published in Microsoft's official App Store, mimicking the legitimate software to trick users into divulging sensitive information.
A genuine hardware wallet will never come with a pre-filled seed phrase in the box. If you find one, do not use the device.

How to Protect Yourself
Security experts are clear on what is needed to protect against these types of attacks:
Buy Only from Official Channels
Always buy hardware wallets directly from the manufacturer's website or verified resellers. Marketplaces like Amazon, eBay, and similar platforms represent a real risk of receiving counterfeit devices.
Carefully Inspect Packaging and Seals
Check that all sealing stickers, holograms, and shrink-wrap are intact and untampered upon receipt. Ledger and Trezor both use tamper-evident packaging.
Verify the Device Upon Setup
Use the official applications — Ledger Live for Ledger, Trezor Suite for Trezor — to perform cryptographic verification of the device during setup. These tools can detect if the firmware has been altered.
Generate Seed Phrase Yourself — On the Device
A genuine device always generates a new, random seed phrase directly on its screen during initial setup. Never accept a pre-selected or pre-filled seed phrase.
Store Seed Phrase Offline
Write the seed phrase down on paper or metal and store it in a secure, offline location. Never take a picture of it or store it digitally.

Market Situation Amplifies Risk
With Bitcoin currently priced around $77,236 and the Fear & Greed Index at 26 out of 100 — a level indicating significant fear in the market — it's worth remembering that uncertain times also attract opportunistic actors. Fake devices and phishing attacks tend to escalate during periods when users seek cheap alternatives or trade outside regular channels.
Regardless of the market climate, experts recommend treating hardware security as critical infrastructure — and never sacrificing security to save a few hundred dollars on the purchase.



