A cryptocurrency investor told a forum on Reddit on Wednesday to share a gift he received on his doorstep. Although he had not asked, he had received a wallet from Ledger, one of the largest cold wallet manufacturers in the market.
In the package came a Ledger Nano X wallet — a model that costs R$ 1,300 in Brazil — and a letter signed by the company’s CEO, offering the device for free to the user as an apology for the mega-leakage that the company suffered last year.
The user was surprised to receive the package at his home address:
“I received a package from Ledger, although I didn’t order it. Inside the package, there is a new Ledger X and an attached letter. I’m sure it’s a scam. I also opened the device and it’s definitely tampered with,” he wrote.
He posted photos of the package he received and the images show the official Ledger logo on all content. In addition to the device came instructions that tried to persuade the user to replace their existing hardware wallet as a way to protect their funds.
The installation guide provided step-by-step instructions on how to install the device on the computer and inform the seed words that would give the scammers access to the user’s cryptocurrencies.
Despite the elaborate campaign, it is possible to notice grammar errors in the text and the altered packaging of the box with the device. “Careful guys! This is really an attempt at fraud on another level,” he warned.
Legder confirmed the fraud
As soon as the denunciation of the scam began to circulate on social networks, Ledger made an official statement in which it denies having sent any wallet to users, confirming that it was a scam.
“The package includes a fake Ledger Nano wallet, with a flash drive implant connected to the printed circuit board. It contains a file with a fake Ledger Live application that asks the user to plug the device into the computer and run the rogue application,” the company wrote.
The note points out that an original Nano Ledger does not contain any application to download and install on your computer. The only way to download Ledger Live is through the company’s official page.
Also, it is important that the user pay attention to details to make sure they are actually on the official website. O Bitcoin Portal recently told the story of a Brazilian doctor who lost R$500,000 in bitcoin after posting his seeds on a fraudulent Trezor website.
Regardless of the wallet maker, phishing campaigns follow the same strategy of posing as the company to extract users’ credentials and steal their cryptocurrencies. “Ledger Live will never ask you to share your 24-word recovery phrase,” warns the company.