Close Menu
Cryprovideos
    What's Hot

    Alpaca Raises $135M To Gasoline Tokenization Infrastructure Growth

    July 16, 2026

    The Readability Act is an important shopper safety effort in years

    July 16, 2026

    BlackRock, JPMorgan Again DTCC Pilot That Might Reshape Securities Buying and selling Now

    July 16, 2026
    Facebook X (Twitter) Instagram
    Cryprovideos
    • Home
    • Crypto News
    • Bitcoin
    • Altcoins
    • Markets
    Cryprovideos
    Home»Markets»Counterfeit Ledger Nano S+ Drains Wallets Throughout 20 Chains
    Counterfeit Ledger Nano S+ Drains Wallets Throughout 20 Chains
    Markets

    Counterfeit Ledger Nano S+ Drains Wallets Throughout 20 Chains

    By Crypto EditorApril 18, 2026No Comments4 Mins Read
    Share
    Facebook Twitter LinkedIn Pinterest Email


    A Brazil-based safety researcher exposes a counterfeit Ledger Nano S+ operation utilizing malicious firmware and faux apps to empty wallets throughout 20 blockchains.

    A Brazil-based safety researcher has uncovered one of the refined counterfeit Ledger Nano S+ operations ever documented. The faux machine, sourced from a Chinese language market, carried customized malicious firmware and a cloned app. The attacker instantly stole each seed phrase that customers entered.

    The researcher purchased the machine on suspicion of value irregularities. Upon opening it, the counterfeit nature was apparent. As a substitute of discarding it, a full teardown adopted.

    What Was Hidden Contained in the Chip

    The real Ledger Nano S+ makes use of an ST33 Safe Ingredient chip. This machine had an ESP32-S3 as an alternative. The chip markings have been bodily sanded down to dam identification. The firmware recognized itself as “Ledger Nano S+ V2.1” — a model that doesn’t exist.

    Investigators discovered seeds and PINs saved in plain textual content after conducting a reminiscence dump. The firmware beaconed to a command-and-control server at kkkhhhnnn[.]com. Any seed phrase entered into this {hardware} was exfiltrated immediately.

    The machine helps roughly 20 blockchains for pockets draining. That’s not a minor operation.

    5 Assault Vectors, Not One

    The vendor bundled a modified “Ledger Reside” app with the machine. The builders constructed the app with React Native utilizing Hermes v96 and signed it with an Android Debug certificates. The attackers didn’t trouble acquiring a respectable signature.

    The app hooks into XState to intercept APDU instructions. It makes use of stealthy XHR requests to tug information out silently. Investigators recognized two further command-and-control servers: s6s7smdxyzbsd7d7nsrx[.]icu and ysknfr[.]cn.

    This isn’t restricted to Android. The identical operation distributes a .EXE for Home windows and a .DMG for macOS, resembling campaigns tracked by Moonlock below AMOS/JandiInstaller. An iOS TestFlight model additionally circulates, bypassing App Retailer evaluate solely — a tactic tied beforehand to CryptoRom scams. 5 vectors complete: {hardware}, Android, Home windows, macOS, iOS.

    The Real Verify Can’t Save You Right here

    Ledger’s official steerage confirms that real units carry a secret cryptographic key set throughout manufacturing. The Ledger Real Verify in Ledger Pockets verifies this key every time a tool connects. In accordance with Ledger’s assist documentation, solely a real machine can cross that examine.

    The issue is easy. A compromise throughout manufacturing renders any software program examine ineffective. The malicious firmware mimics sufficient of the anticipated habits to proceed previous fundamental checks. The researcher confirmed this straight within the teardown.

    Previous provide chain assaults focusing on Ledger customers have repeatedly proven that packaging-level verification alone is inadequate. Documented instances on BitcoinTalk file particular person customers shedding over $200,000 to faux {hardware} wallets from third-party marketplaces.

    The place These Units Are Being Bought

    Third-party marketplaces are the first distribution channel. Amazon third-party sellers, eBay, Mercado Livre, JD, and AliExpress all have documented histories of itemizing compromised {hardware} wallets, the researcher famous within the Reddit put up on r/ledgerwallet.

    The worth level is intentionally suspicious. That’s the lure. A non-official supply doesn’t provide a reduced Ledger as a deal—it sells a compromised product to profit the attacker.

    Ledger’s official channels are its personal e-commerce web site at Ledger.com and verified Amazon shops throughout 18 nations. Nowhere else carries any assure of authenticity.

    What the Researcher Is Doing Subsequent

    The group ready a complete technical report for Ledger’s Donjon group and its phishing bounty program, and it’ll launch the complete write-up after Ledger completes its inside evaluation.

    The researcher has made IOCs obtainable to different safety professionals via direct messages. Anybody who bought a tool from a questionable supply can attain out for identification help.

    The important thing crimson flags stay easy. A pre-generated seed phrase included with the machine is a rip-off. Documentation asking customers to sort a seed phrase into an app is a rip-off. Destroy the machine instantly in both case.



    Supply hyperlink

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

    Related Posts

    Alpaca Raises $135M To Gasoline Tokenization Infrastructure Growth

    July 16, 2026

    The Readability Act is an important shopper safety effort in years

    July 16, 2026

    BlackRock, JPMorgan Again DTCC Pilot That Might Reshape Securities Buying and selling Now

    July 16, 2026

    TSMC Raised Its 2026 Income Steering: What It Means for AI Chip Demand

    July 16, 2026
    Latest Posts

    CZ Explains Bitcoin vs AI Investing – Right here Is Why Each Might Thrive Collectively – BlockNews

    July 16, 2026

    $1.5 Billion Value of ETH and BTC Choices on Observe to Expire – U.As we speak

    July 16, 2026

    Bitcoin’s Bounce Is Filled with Sellers, However For How Lengthy?

    July 16, 2026

    Find out how to Purchase Bitcoin Safely in 2026: A Step-by-Step Information

    July 16, 2026

    Bitcoin choices' hottest name has slipped decrease by $10,000: Crypto Each day

    July 16, 2026

    Bitcoin Slips All the way down to $64K, Ethereum Pulls Again From Six-Week Peak: Market Watch

    July 16, 2026

    Bitcoin Breaks Heavy Resistance—However Dying Cross Looms: Evaluation – Decrypt

    July 16, 2026

    Don’t Obsess Over Bitcoin’s Backside as $38K Low Comes Into Focus: Analyst

    July 16, 2026

    CryptoVideos.net is your premier destination for all things cryptocurrency. Our platform provides the latest updates in crypto news, expert price analysis, and valuable insights from top crypto influencers to keep you informed and ahead in the fast-paced world of digital assets. Whether you’re an experienced trader, investor, or just starting in the crypto space, our comprehensive collection of videos and articles covers trending topics, market forecasts, blockchain technology, and more. We aim to simplify complex market movements and provide a trustworthy, user-friendly resource for anyone looking to deepen their understanding of the crypto industry. Stay tuned to CryptoVideos.net to make informed decisions and keep up with emerging trends in the world of cryptocurrency.

    Top Insights

    ‘Customers Want Security’: Former SpaceX Supervisor Raises $4.2M for Crypto Platform Stackup – Decrypt

    June 20, 2025

    Why Analysts Aren’t Apprehensive About Coinbase’s 30% Drop – Decrypt

    July 15, 2026

    Morgan Stanley Plans To Provide Bitcoin And Crypto Buying and selling To E-Commerce Purchasers

    May 1, 2025

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    • Home
    • Privacy Policy
    • Contact us
    © 2026 CryptoVideos. Designed by MAXBIT.

    Type above and press Enter to search. Press Esc to cancel.