Ledger hardware wallets are considered one of the most secure devices on the market. The French manufacturer offers a range of models that meet different needs. However, precisely because Ledger wallets are so popular, frauds occur from time to time. These are aimed at deceiving the owner of a Ledger and inducing him to make a transaction. Alternatively, the perpetrators gain access to the seed. It is, therefore, imperative as a user to be aware of what pitfalls lurk and how the fraudsters proceed.

We want to show you which scams exist and how to protect yourself against them. We also cover what to do if you fall victim to a Ledger scam.

Is Ledger Recover a scam?

Currently, many warnings are circulating regarding the new Ledger Recover service. This is an entirely legitimate service provided by the wallet manufacturer. The seed is split into three encrypted parts, so-called shards. These shards are shared via a secure channel with Ledger and two service providers.

Customers using Ledger Recover must link the shards with proof of identity. If they lose access to the wallet, they can re-identify themselves and regain access to their coins through the shards.

The fear that drives many users is based on the fear that Ledger Recover will be compromised somehow. In plain English, this means exposing the seeds of their customers. Due to these concerns and the many complaints, Ledger has decided not to launch the service..

If you receive any requests from third parties to open a customer account with Ledger Recover, it is a scam!

The Supply Chain Attack

The so-called supply chain attack is one of the few attack vectors to attack and successfully crack a Ledger hardware wallet. Because the devices are inaccessible to criminals after they have been adequately set up, this scam aims to impose a tampered device on unsuspecting victims.

For this purpose, manipulated devices are sold directly in stores instead of replacing existing appliances. The manipulation can take many different forms. One popular method is pre-filled recovery sheets. Here, the perpetrators create a seed, write it down, fully set up the hardware wallet, and send it to the victim. If the recipient of this wallet uses the predefined seed, he risks the total loss of his cryptocurrencies. After all, the fraudsters can dispose of the cryptos just like the owner himself.

The second method is much harder to detect because it primarily aims to manipulate the devices internally. Therefore, the fraudsters buy real devices on the market, open them professionally, and selectively replace certain building blocks, which are reprogrammed. After that, the device is professionally assembled and sealed. Afterward, it is sold on the secondary market. Often such devices come from eBay or classifieds. What needs to be apparent to the buyer is that an important component, the so-called secure element, is no longer in factory condition. On the other hand, if the unsuspecting victim creates a seed with such a device, the perpetrators can know in advance what it will look like.

In both cases, the perpetrator has the seed in advance. However, the second method is undoubtedly the most difficult to detect. To protect yourself from this attack, purchasing the devices exclusively from the manufacturer or certified resellers, which are explicitly identified on the manufacturer's website, is recommended.

Fake Wallet Software

Ledger Live is the software interface used to couple the Ledger hardware wallet. On the one hand, this software is used to install new apps that enable the management of various cryptocurrencies and tokens. On the other hand, updates of the firmware and said apps are also triggered via this interface.

Fraudsters use the phishing method, in particular, to lure victims to fake websites and offer them manipulated software. This malware cannot be distinguished from Ledger Live from the outside. In most cases, the victim is led to believe that an update is urgently needed or that the cryptocurrencies should be backed up. For example, suppose they agree to the intention of the fraudulent software and confirm the associated transactions on the hardware wallet. In that case, the users also face a total loss.

Besides Ledger Live, other apps are copied, counterfeited, or infected with malware. These include above all, applications that can be installed as browser plug-ins. The perpetrators often have an easier time here because the app stores for browser plug-ins are moderated much worse than, for example, the Apple app store or comparable marketplaces.

What can I do if I receive a counterfeit hardware wallet?

You should contact the manufacturer directly if you have received a counterfeit hardware wallet or if the package has been severely damaged in the mail. As a rule, the manufacturers of all hardware wallets offer to send in the devices in cases of suspicion. These are checked there for their factory configuration; if it is fake, you get a replacement.

Ledger is also very keen to assist in cases of suspicion. Under no circumstances should you create a seed with a wallet suspected of being fraudulent or put it into operation to store cryptocurrencies. Otherwise, they risk that the perpetrators can steal the cryptocurrencies.

What can I do if I have been defrauded?

If you have been defrauded and have lost cryptocurrencies, you should always file a criminal complaint. Because it is usually challenging for victims to understand how they have been tricked, it is advisable to get an expert to help. Crypto-Tracing can analyze where your cryptocurrencies have been transferred to. We can also clarify how the perpetrators gained access to their hardware wallet. Additionally, we work closely with a lawyer specializing in IT law.  

This allows us to track the perpetrators and document their actions reliably. Together with the lawyer, legal steps can be initiated. We offer to advise you jointly on all issues and to be accompanied and legally represented by our partner attorney throughout all phases.