- Ledger phishing campaigns are getting increasingly sophisticated and elaborate, as Reddit users report.
- Some people report receiving “Nano X” replacements via post mail, with everything appearing legit.
- The actors are looking to steal the current recovery phrases that will allow them to take over crypto wallets.
Scammers, always on the lookout for ways to steal cryptocurrency assets from other people, are now sending fake Ledger USB devices by post to customers of the hardware wallet service. The care taken with the packaging makes the campaign very convincing: users on Reddit showcase a parcel wrapped in Ledger-branded bags, containing a shrink-wrapped device in a box that appears genuine and a letter supposedly signed by the company’s CEO, Pascal Gauthier.
In the enclosed letter, the actors claim that the new Nano X is being sent to protect the recipient from the data breach that occurred last year, so it’s supposed to be a security measure. The letter urges the user to switch to the new device to stay safe and explains that the new device has a different “structure” because it has been enhanced for security. The comparison made by Bleeping Computer makes it obvious that this claim is bogus, as the replacement device is of notably inferior quality.
The enclosed device is supposed to be a “Nano X,” but in reality, it is a modified USB stick made to trick people into giving away their wallet info. The Nano X is a Bluetooth-enabled hardware wallet where people can store their digital assets and which they use to verify transactions. As such, it is similar to a real wallet, but for crypto, so if someone were to steal the user’s recovery phrase, they would have the key needed to steal the wallet.
The scammers enclose instructions on how to “set up” the new wallet by installing an app and filling in its forms with your old recovery phrases. The app then sends this valuable information to the scammers, who import the victim’s wallet on their own devices and assume full control, leaving the rightful owner with no way to recover their crypto.
Actors are still exploiting the Ledger customer database that appeared on a hacking forum last December, exposing the names, phone numbers, and home addresses of device holders. The level of sophistication in this postal campaign is indicative of the effort that goes into these campaigns, and with crypto prices having risen greatly since the start of the year, that’s hardly surprising.