Buyers of Ledger Wallets Were Sent Fake Devices by Mail
Some Ledger wallet users have received "new devices" in the mail, ostensibly for replacement. Along with the package, it was reported that their data was at risk due to a major leak in the summer of 2020.
It turned out that consumers were sent devices modified by hackers, designed exclusively for stealing cryptocurrencies by transferring them directly to the accounts of cybercriminals.
At first glance, it is impossible to distinguish fake from the original - the packaging corresponds to the genuine Ledger Nano X device. However, the attached letter contained quite a few grammatical and spelling errors. It was extensively reported that the wallet was sent to replace the previous one to ensure security.
Further in the letter, the owners were urged to switch to a new device as soon as possible. This made the most advanced users question the authenticity of such a wallet. The differences between fake and original are especially noticeable in the Ledger's printed circuit board. You can see the cheap assembly and the abundance of regular USB stick components.
The above is fake. Below is the original Ledger wallet.
In fact, the device is a USB flash drive paired with some elements of a standard Ledger wallet. The activation instructions are the same as with the original - you need to connect the wallet to your computer and activate the built-in application. After that, you need to enter a passphrase to import the data to the new device.
Actually, at the point of entering the passphrase, attackers gain access to the storage. For reference, there was indeed a major data breach on June 25, 2020. Somebody got access to users’ email addresses, names and phone numbers.