A Ledger user shared a devious scam in a Reddit post after receiving an apparent Ledger Nano X device in the mail.

As advertised on the French manufacturer’s website, the Nano X wallets keep cryptocurrency secure and support over 1,100 coin types. Unlike the Nano S, which was created for people who want to hold onto a small amount of crypto, Nano X is the best choice for active investors with diverse crypto holdings.

The suspicious device came in an authentic-looking packaging, with a letter explaining that their customer information was leaked online on the RaidForum hacking platform and that the Nano X was sent to replace their existing one to secure their funds.

Ledger scam heimdal
Ledger scam

Images Source: Reddit

Although the letter was poorly written, the physical addresses of over 270,000 Ledger owners were indeed leaked back in December 2020, thus making the explanation for the sending of the new device convincing.

The user who took the phishing attempt to Reddit opened the package and shared photos of the Ledger’s printed circuit board indicating that the device was altered.

Ledger scam heimdal security

Images Source: Reddit

The victim is asked to initialize the device sent with the letter and to follow the user guide in the box.

According to the enclosed instructions, the user must connect the Ledger to the computer, open the drive that appears, and run the enclosed app. Afterward, he is told he needs to enter the Ledger recovery phrase to import his wallet to the new device.​

Ledger scam heimdal security

Ledger scam heimdal security

Images Source: Reddit

Ledger describes a recovery phrase as the “key element in using a hardware wallet which must be kept secure and offline at all times.”

If for any reason your Ledger Nano X or Ledger Nano S becomes unusable (theft or destruction), you haven’t lost your precious cryptocurrencies. Your 24 words serve as a backup to all the crypto assets managed through your device.


However, anyone who has your recovery phrase can import a wallet and gain access to the cryptocurrency it contains.

According to BleepingComputer, after the user enters the recovery phrase, it is sent to the attackers, who use it to import the victim’s wallet on their own devices to steal the contained cryptocurrency funds.

Ledger became aware of this scam in May. Make sure you check their dedicated phishing page to stay updated on this malicious campaign’s status.

Since it’s not the first time that phishing attempts are targeting Ledger customers, if you think you have received a fake communication from a third party impersonating Ledger, the company advises you to report it as soon as possible.

Colonial Pipeline Ransomware Lures Are Used in Phishing Attacks

Heimdal™ AI Discovers a Complex Phishing Cryptocurrency Scam Campaign

10+ Cryptocurrency Fraud and Scams You Need to Pay Attention to

Leave a Reply

Your email address will not be published. Required fields are marked *