A Reddit user yesterday denounced a new scam exploiting the data leak of Ledger customers in July 2020. This user has indeed received in the mail a fake Ledger Nano X [1] in its packaging accompanied by a letter bearing the signature of the CEO of the company. This is not a first since this scam was reported as early as May 10, 2020.

“The fake device comes in packaging that is genuine and bears the Ledger logo. The package includes a letter and a falsified Ledger hardware wallet. It is packaged as if the box had never been opened. The letter explains that you must replace your existing hardware wallet to secure your funds. This is a scam. This Ledger Nano is wrong. A flash drive has been connected to the card. It contains a file with a malicious application presented as Ledger Live. The box of the Nano contains instructions that require the user to connect the device to their computer, open and run the malicious application. To initialize the device, the user is invited to enter their 24 words in the application.

This is a scam. A Ledger Nano is not a USB device. It does not contain any applications to download and install on your computer. The only way to download the Ledger Live app is to use the official download page. Plus, Ledger and Ledger Live will never ask you to share your 24-word recovery phrase. «

Sources: ledger.com – reddit.com/r/ledgerwalletbleepingcomputer.com

[1] See also the «hardware wallets»