Counterfeit Ledger Device Scams
Counterfeit Ledger hardware wallets sold through unofficial channels may have modified firmware that transmits seed phrases to scammers. Only buy from ledger.com or the official Ledger authorized reseller network.
Part of: Fake Hardware Wallet Scams
Last reviewed: 7 June 2026
Ledger hardware wallets are among the most trusted tools for self-custody cryptocurrency storage. This trust makes the Ledger brand a target for counterfeiters who replicate the physical device and packaging well enough to pass a visual inspection. The counterfeit device may operate normally for weeks or months before the attacker acts — creating a false sense of security.
Counterfeit Ledger devices have been documented in the wild. Some carry modified firmware that captures the seed phrase during the initial setup process and transmits it to the attacker. Others arrive with a pre-written seed phrase supplied on a separate card — the seller already knows the phrase and can drain the wallet at will once assets are loaded.
Ledger's countermeasure is the genuine check: a cryptographic verification performed by Ledger Live that confirms the device firmware has not been tampered with. Running this check on any new device, especially one from an unofficial source, is essential. But the safest approach is to purchase only from ledger.com/shop or the official authorized reseller list.
How this scam works on the Ledger brand
A buyer purchases a Ledger Nano X from an online marketplace listing at a small discount. The device arrives in packaging that appears authentic, including the holographic seal. During setup, the device generates and displays a 24-word seed phrase — which the buyer writes down and stores offline. Unknown to the buyer, the device's modified firmware already sent the phrase to the attacker at the moment of generation. Several months later, after the wallet has accumulated value, the attacker drains it in a single transaction.
In another variant, the counterfeit Ledger is sold with a 'setup instructions' sheet inside the box that tells the buyer to 'input the included recovery phrase for faster setup.' The sheet includes a pre-written 24-word phrase — already known to the seller — and the buyer follows the instructions thinking this is Ledger's standard process.
Ledger's genuine setup process involves the device generating a new, unique seed phrase that is displayed on the device screen and never transmitted elsewhere. No legitimate Ledger device comes with a pre-written seed phrase. Any device that supplies one should be immediately considered compromised.
Common red flags
- A Ledger device purchased from a third-party marketplace, auction site, or individual seller
- A discount on a Ledger device that suggests a below-normal retail price
- A pre-written recovery seed phrase included in the box with setup instructions
- Instructions in the box to use an 'included recovery phrase for faster setup'
- Packaging that shows signs of being opened and resealed before your receipt
- A device that fails the genuine-check verification in Ledger Live
How to protect yourself
- Purchase Ledger devices only from ledger.com/shop or official authorized resellers listed at ledger.com
- Run the Ledger genuine check immediately on any new device through Ledger Live
- Never use a recovery phrase provided in the device packaging — always generate a new one
- Inspect packaging for tampering before first use
- If in doubt about a device's authenticity, contact Ledger support at support.ledger.com before loading assets
How to report it
- Report counterfeit device sales to Ledger at support.ledger.com
- Report the marketplace listing to the relevant marketplace's seller abuse team
- Report to IC3.gov (US), Action Fraud (UK), or your national consumer protection authority
- Leave a warning review on the marketplace to protect other buyers
Frequently asked questions
How does the Ledger genuine check work?
When you connect a Ledger device, Ledger Live performs a cryptographic challenge-response verification with Ledger's servers. The device must sign a challenge using a Ledger-issued certificate. A counterfeit device with unofficial firmware cannot pass this verification.
If my Ledger device passes the genuine check, is it definitely safe?
A passed genuine check confirms the firmware is authentic Ledger firmware. However, if the device was supplied with a pre-written seed phrase, that phrase is already known to the seller regardless of the firmware. Always generate a new seed phrase yourself rather than using any provided one.
I bought a Ledger from a marketplace and suspect it is fake. What should I do?
Do not load any assets onto it. Run the genuine check in Ledger Live. If it fails, the device is counterfeit — do not use it and report it to Ledger and the marketplace. If it passes but was supplied with a pre-written seed, assume that phrase is compromised and generate a new one.