Last updated on:

Nasty Ledger wallet scams. And how to avoid them.

Ledger wallets flew off the shelves after the hack on Binance. Given the influx of new Ledger wallet users, it would be a good time to share Ledger wallet scams that have happened in the past. Hopefully, by shedding light on them, fewer users would fall for them.

Ledger is one of the most, if not the most, popular hardware wallet providers on the planet. We use Ledger ourselves and love the product. Unfortunately, scammers share the same sentiment and are drawn to it. As a result, there have been many Ledger wallet scams or scams targeting Ledger users. As Ledger wallets are highly secure, scammers have turned their attention to the weakest link in any security model.

The end user.

YOU.

Below we would discuss some Ledger wallet scams that have occurred.

Wallet

Scam 1: Pre-generated recovery seed

Scam recovery sheet before scratch off
Scam recovery sheet before scratch off. (Image credit: Reddit user normal_rc)

Scam recovery sheet after scratch off
Scam recovery sheet after scratch off

This is how it happens:

  • The scammer purchases a Ledger wallet (a Ledger Nano S in this instance).
  • The scammer then inserts a pre-populated recovery seed inside the packaging. An example of this is shown above.
  • They then repackage it for sale to an unsuspecting customer.
  • The customer buys the wallet and sets it up with the recovery seed provided.
  • Funds the user transfers to their Ledger Nano S get stolen. This is possible since the scammer has access to the recovery seed used to set up the wallet.

Precautions to avoid this Ledger wallet scam:

  • Only buy your Ledger wallet from the source. This means purchasing it from Ledger’s website. What about purchasing them from authorized retailers listed on Ledger’s website? Personally, we would not and would do so only if Ledger does not ship to our location. Also, do not buy them from Amazon as there is the risk of inventory commingling. A benefit of purchasing from the source (ie. Ledger) is that you are assured about the authenticity of your device. If you have doubts about your device’s authenticity, Ledger provides guidance on how to perform the necessary checks.
  • Avoid buying a second-hand Ledger wallet. You may save some money. But you will always have the lingering doubt at the back of your mind that your device may have been tampered with.
  • Some sellers also offer Ledger wallets preloaded with Bitcoin. Sellers of these wallets know the recovery phrase to access your funds. Thus, purchasing such wallets is a horrific idea.
  • Understand that your Ledger wallet “does not include any pre-existing seed words or pin code”. You should always be generating the seed words and pin codes on your own. Your recovery sheet should thus be blank.
Blank recovery sheet Ledger Nano S
Blank recovery sheet for Ledger Nano S

Ledger Nano S scam recovery sheet and pin
Ledger Nano S scam recovery sheet and pin (Image credit: Reddit user Bill_565)

Ledger Nano S fake instructions
Ledger Nano S fake instructions (Image credit: Reddit user pilotichegente)

Scam 2: Fake Ledger software

Scam Ledger wallet software
Scam Ledger Live software

Such software like the one above tricks the user into entering their seed phrase into them. Once scammers get hold of the seed phrase, they can then proceed to empty the user’s wallet.

Precautions to avoid this Ledger wallet scam:

  • Never key in your seed into a device other than your hardware wallet. Hardware wallets provide separation between your recovery phrase / private keys and your devices like mobile phones or computers. This separation is crucial as mobile phones or computers have many vulnerabilities. Hardware wallets have much smaller attack surfaces. Thus, storing your recovery phrase on them increases security exponentially. If you enter your recovery phrase into your phone or computer, your hardware wallet effectively turns into a desktop or mobile wallet. Both these options are much less secure.
  • Only get your downloads FROM the official website. Bookmark the correct URL and access it from there so you wouldn’t end up mistyping and landing on a phishing site.
  • Installing a good antivirus or antimalware solution to help detect malicious software.

Scam 3: Fake customer support

Scammers also offer fake customer support targeting Ledger users. They lure users into revealing confidential information such as their recovery seed. Once obtained, scammers can use it to steal the user’s funds.

A scammer trying to offer "help" to a user.
A scammer trying to offer “help” to a user. (Image credit: Reddit user bigblacklenny)

Fake Ledger Nano support number
Fake Ledger Nano support number

There are many other twists to such scams. In one instance, scammers impersonated Ledger and held an Etherium giveaway.

Fake Ledger support on Twitter
Fake Ledger support on Twitter

Scammers have also become more proactive. Instead of waiting for users to contact them, they have gone out to contact users.

Another variation involves scammers convincing users to provide remote access to their devices. This can be done through software like TeamViewer. Scammers would claim they need access to “diagnose the issue”. Such “help” inadvertently involves the draining of funds from the user’s wallet. What’s more, reports have shown that scammers aren’t just after cryptocurrencies alone. They want to fleece you of as much as possible and are known to steal Google Play Store gift cards too.

Fake Ledger wallet support scam
Fake Ledger support scam (Image credit: Reddit user babyxdeja)

Precautions to avoid this Ledger wallet scam:

  • Only contact Ledger through official channels. According to Ledger, they are reachable through their online contact form, live chat on Ledger.com or via Twitter (@Ledger). They DO NOT offer phone support. Users can also get help from their official Reddit page.
Ledger fabnormal response
Ledger support staff fabnormal
  • Here are several things to note when contacting support on these channels.
    • Even on official channels, ensure you are getting help from REAL support staff. On Reddit, you can identify Ledger team members from their flairs. An example of what a flair looks like is shown in the image below. See how user btchip has the flair of Ledger CTO next to his username?
Ledger Support team btchip
Ledger support team btchip
    • Another way to identify legitimate support staff is to look at the moderators section. This can be found on the right-hand panel on Reddit.
Reddit Ledger moderators
Moderators on the Ledger subreddit.
  • On Twitter, Ledger has a blue tick next to their username (which indicates a verified account) and have the @Ledger handle.
Fake Ledger support on Twitter
Fake Ledger support on Twitter
  • Never reveal your recovery seed to ANY support team, legitimate or not. This is like handing over the keys to your car and trusting them not to drive away with it. They should not be asking for it. Remember if support does ask for it …

Scam 4: Fake Ledger wallet app

Fake Ledger Manager Chrome store app
Fake Ledger Manager Chrome store app (Image credit: @themarkymark)

Fake Ledger Manager Chrome store app
Fake Ledger Manager Chrome store app (Image credit: @themarkymark)

Once users download such fake apps, scammers can use them to get hold of user data. For example, they could trick users into providing their recovery seed. Notice how the download above was offered by dinsidorova67? This should have raised alarm bells.

Side note: Ledger Live has replaced Ledger Manager. Thus, you should not be downloading it.

And while this fake app was not found to be malicious, the developer could have easily updated it to make it so. As Ledger apps are now available on smartphones, we can expect to see more such fake apps appearing.

Precautions to avoid this Ledger wallet scam:

  • Only get your download links from the official website. For example, to get the download links to Ledger mobile apps, users can access it via the links on Ledger’s website.
Ledger Live download links
Ledger Live download links
  • Before downloading any app, users can perform the following checks
    • Read the reviews and ratings. If people are frequently complaining about getting scammed, you immediately know it is a scam.
    • Check the app developer information. In the screenshot below (of the official Ledger app), we see that the app was published by Ledger. Also, by checking the Developer section, we can see that the information points back to the official Ledger website.
Ledger Live app for Android
Ledger Live app for Android

However, do note that a scam app can also show legitimate app developer information. Thus, this method is not foolproof. For example, a fake Trezor wallet app had included a link back to the real website. It also included an email with the official Trezor domain, Trezor.io.

Scam Trezor wallet in Playstore
Scam Trezor wallet in Playstore. The scammer was meticulous and left real developer contact information to fool users.
  • Check the number of downloads. Hugely popular cryptocurrency wallets like Ledger would have a large number of downloads. Thus, a Ledger app with a small number of downloads is an instant red flag.
  • Report fake apps when you see them. This would reduce their effectiveness and the number of victims falling for them.

Others scams

Here are some scams that have targeted other wallet users in the cryptocurrency ecosystem. Since they could likewise happen to Ledger wallet users, we would be mentioning them too.

Scam websites or advertisements

Here are some examples of scam websites used to trick users into revealing sensitive information.

1) Phishing websites

Trezor Phishing website
Trezor phishing website (Image credit: eff-snarf)

This scam website tried to lure users to enter their recovery phrase. A captcha was included to give the illusion of authenticity. Also, note the URL. It is not the official Trezor website.

2) Unicode domain phishing

Scammers use non-English characters that look like their English counterparts in the URL. For example, this scam website looks similar to the official Binance website. But on closer inspection, you can see that is not the case.

Binance scam website
Notice how similar it looks to the real Binance website

3) Fake advertising

A .la domain name claiming to be the real deal. What could go wrong?

Trezor scam advertisement
Trezor scam advertisement (Image credit: Reddit user Vito1900)

4) DNS poisoning / BGP highjacking

In such scams, hackers are able to redirect users away from the website even if the correct website was entered into the web browser. Trezor users had fallen prey to this scam.

Trezor website hijacking
Trezor website hijacking (Image credit: Trezor)

In the image above, the address bar shows the correct address ie. wallet.trezor.io. But, an inspection of the site revealed several critical errors.

One, the website’s certificate was not trusted as shown by the “Not secure” words in the address bar.

Also, the site had requested users to enter their recovery phrase.

Hijacked Trezor website requesting for seed
Hijacked Trezor website requesting for seed (Image credit: Trezor)

5) Cybersquatting

This involves a scammer fooling users by using a domain which looks like the real website. In the image below, the scammer was asking the user to access the BIP 39 tool.

Message from scammer
Message from the scammer (Image credit: Reddit user latteisnotcoffee)

While the text told the user to go to “http://www.iancoleman.io/bip39” the actual link led to “http://www.iancolemann.io/bip39/”. Note the double N in the second link.

Precautions to avoid falling for the above scams:

  • Never enter your recovery phrase into a device other than your Ledger wallet.
  • Bookmark official sites and access sites through them. This beats Googling them each time. Or typing them out, where a typo may land you in a scam website.
    • Access the HTTPs version of the site.
    • Always check for the Secure sign in your browser’s address bar.
    • To quench your thirst for vengeance, report all instances of such fake sites. You can report them via Google (phishing sites or malware sites). In addition, you can report them to their domain registrar. To find which domain registrar a site is using, go to Whois. For illustration, we would use Google. After entering Google into Whois, we can see that Mark Monitor is their registrar. We also see that any abuse can be reported to abusecomplaints@markmonitor.com.
Google Whois
Google Whois

Fake wallets

To our knowledge, there hasn’t been a fake Ledger hardware wallet. But for Trezor, there have been imitation products. Here are some examples.

Trezor Mini
Introducing …… the Trezor Mini

Another example of a fake Trezor wallet.

Fake Trezor wallet
Fake Trezor wallet (Image credit: Trezor)

Precautions to avoid falling for this scam:

  • As we have explained above, only buy your Ledger wallet from the source.
  • If you think your device is fake, consider performing a check on the authenticity of the device.

Clipper apps

These programs do not specifically target Ledger wallets or other hardware wallets. They detect Bitcoin/cryptocurrency addresses and replace them with the scammers’ address. Thus, funds get sent to the scammer instead of the intended recipient. Below is an example of how such apps work.

Precautions to avoid falling for this scam:

  • Always verify the address in full on your hardware wallet. There are two key points here (1) Verify the address IN FULL. Don’t just verify a part of the address. Clipper apps can produce similar-looking addresses to that of the intended recipient. Scammers can do this as they have previously generated multiple addresses and hold the private keys to them. (2) Do your verification on your hardware wallet. And not on your desktop. The reason is that your desktop could be infected by malware.

Conclusion

Security is a never-ending game of cat and mouse. Don’t let your guard down and stay safe. We hope this article has raised your awareness about Ledger wallet scams lurking out there. Crypto is the Wild West of the digital world. The best we can do is learn about cryptocurrency wallet security and always be skeptical.

We strongly recommend you see our article covering fake Trezor wallets and other scams targeting Trezor users. Scams suffered by Trezor users could equally affect Ledger wallet users too. Also, for more information on cryptocurrency wallet security, we have an article on it.

Note: Scams targeting Ledger (or other wallets) users appear all the time so it is impossible to keep track of them all. If we missed a Ledger wallet scam, leave us a comment below and we will update the article.

Have you been scammed? Contact Ledger support below

Essential reading to avoid Ledger wallet scams

Other guides on protecting your cryptocurrencies

No Comments Yet

Leave a Reply

Your email address will not be published.