Security Researcher Exposes Large-Scale Counterfeit Supply Chain Attack on Ledger Nano S Plus
A security researcher has documented a large-scale operation selling counterfeit Ledger Nano S Plus devices. The counterfeits look identical to genuine units but are built around an ESP32 microcontroller instead of the Ledger secure element. Their firmware is labeled "Nano S+ V2.1," and the seed phrases and PIN codes are stored in plaintext and transmitted to the attacker's server, so wallets are emptied shortly after initialization.
The operation also distributes fake Ledger Live software: React Native applications signed with debug certificates that can intercept transactions and exfiltrate data to multiple command-and-control servers. Delivery spans the counterfeit hardware as well as Android APKs, Windows executables, macOS installers, and an iOS TestFlight build. Previously, ZachXBT exposed another fake Ledger Live application that passed Apple's Mac App Store review and stole over $9.5 million in assets from more than 50 victims, including musician G. Love, who lost 5.92 BTC.
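As an added defender-side check that is not part of the original report: the fake Ledger Live APKs are described as signed with debug certificates, and the stock Android debug keystore issues certificates with the distinguished name `CN=Android Debug, O=Android, C=US`. The Python below (hypothetical, written for this page) parses the output of `apksigner verify --print-certs` over a constructed sample and flags any signer that uses a debug certificate or whose certificate digest is not on a pinned allowlist; the allowlist entry is a placeholder, not Ledger's actual release-signing digest.

```python
import re

# Constructed placeholder digest, not a real certificate fingerprint.
DEBUG_DIGEST = "0" * 63 + "1"

# Constructed sample of `apksigner verify --print-certs` output for an APK
# signed with the stock Android debug keystore.
SAMPLE_APKSIGNER_OUTPUT = f"""\
Signer #1 certificate DN: CN=Android Debug, O=Android, C=US
Signer #1 certificate SHA-256 digest: {DEBUG_DIGEST}
"""

# Placeholder: a real deployment pins the vendor's published release-signing
# certificate digest here, not this string.
KNOWN_GOOD_SHA256 = {"<vendor-release-cert-sha256-placeholder>"}

DN_RE = re.compile(r"^Signer #(\d+) certificate DN: (.*)$")
DIGEST_RE = re.compile(r"^Signer #(\d+) certificate SHA-256 digest: ([0-9a-fA-F]{64})$")


def parse_signers(output):
    """Return {signer_index: {"dn": ..., "sha256": ...}} from apksigner output."""
    signers = {}
    for raw in output.splitlines():
        line = raw.strip()
        m = DN_RE.match(line)
        if m:
            signers.setdefault(int(m.group(1)), {})["dn"] = m.group(2).strip()
            continue
        m = DIGEST_RE.match(line)
        if m:
            signers.setdefault(int(m.group(1)), {})["sha256"] = m.group(2).lower()
    return signers


def assess_apk_signers(output, known_good=KNOWN_GOOD_SHA256):
    """Return a list of findings; an empty list means every signer is pinned and not a debug key."""
    findings = []
    signers = parse_signers(output)
    if not signers:
        findings.append("no signer information found (unsigned APK or unparsable output)")
    for idx, info in sorted(signers.items()):
        dn = info.get("dn", "")
        if "CN=Android Debug" in dn:
            findings.append(f"signer #{idx}: debug keystore certificate ({dn})")
        digest = info.get("sha256")
        if digest is None:
            findings.append(f"signer #{idx}: SHA-256 digest missing")
        elif digest not in known_good:
            findings.append(f"signer #{idx}: digest {digest[:16]}... not in pinned allowlist")
    return findings
```

Run the real `apksigner verify --print-certs app.apk` and feed its output to `assess_apk_signers`; any non-empty result means the build should not be trusted as the vendor's.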
Source: Public Information
ABAB AI Insight
This incident exposes a structural shift in the supply-side risks of cryptocurrency custody, from firmware vulnerabilities to supply chain and distribution fraud. Hardware wallets are meant to provide an offline security boundary, yet they become an attack vector once the manufacturing or distribution source is infiltrated. This highlights a constraint on the promise of "self-custody" at the physical production stage: the decentralized nature of global supply chains makes it difficult for end users to verify that a device is genuine, so attackers can intercept it before the user ever touches the product.
From a wealth distribution perspective, such scams accelerate the concentration of retail-level assets in the hands of organized attackers. Unlike the traditional financial system, which relies on regulators for after-the-fact accountability, the decentralized crypto ecosystem amplifies losses caused by information asymmetry, and the absence of a central clearing mechanism further enables this redistribution. The pattern has recurred throughout history: whenever a new technology creates a new pool of wealth, early adopters bear the cost of fraud until the market rebuilds trust mechanisms through repeated trial and error.
Over the longer term, this belongs to a larger cycle of technological substitution and industrial migration. The hardware wallet industry depends on centralized production and app store distribution, which sits in tension with the narrative of decentralization. The incident may accelerate user migration towards multi-signature, MPC, or purely software-based recovery solutions, while also testing the brand pricing power and supply chain audit capabilities of leading manufacturers such as Ledger. In the global financial landscape, it also represents the growing pains of an emerging asset class outside the dollar-dominated system: as capital migrates from traditional banks to crypto, it brings not only technological advancement but a continuous redistribution of power and capital among users, manufacturers, and attackers.