Fake Ledger Device Bought on Chinese Marketplace Raises Fresh Hardware Wallet Alarm

• A cybersecurity researcher says a counterfeit Ledger Nano S Plus bought on a Chinese marketplace failed Ledger Live’s built-in authenticity check.
• The researcher later examined the device firmware and said the evidence pointed to components linked to Espressif Systems.

A cybersecurity researcher says they uncovered a sophisticated fake Ledger device sold through a Chinese online marketplace, adding to a growing list of scams that no longer rely only on phishing links or fake apps.

Posting on the ledgerwallet subreddit under the name Past_Computer2901, the researcher said they bought what appeared to be a legitimate Ledger Nano S Plus for personal use. The device was priced the same as the official Ledger store, and at first glance the listing and packaging looked convincing enough.

The fake passed the eye test, but failed the software check

The problem only became clear after the device arrived. When the researcher connected it to the genuine Ledger Live application, already installed on their computer, it failed Ledger’s built-in Genuine Check.

That was the first strong signal that the wallet was not authentic. According to the researcher, the counterfeit was not some crude imitation thrown together cheaply. It had been designed to look real enough to fool buyers who assumed a normal-looking package and market price were signs of legitimacy.

In their post, the researcher said the experience left them shaken by what they described as the apparent scale of the operation. The warning, they added, was meant to inform rather than panic users.

Firmware analysis pointed to a deeper supply-chain concern

The case became more serious after the researcher examined the device’s firmware. According to their account, the code and hardware indicators pointed toward Espressif Systems, a Chinese semiconductor company, suggesting the counterfeit may have been built around components not associated with genuine Ledger devices.

That does not prove direct involvement by the company itself, but it does suggest the fake was assembled with enough technical care to move beyond simple cosmetic cloning.

For crypto users, the lesson is uncomfortable but straightforward. Hardware wallets are supposed to reduce trust assumptions, yet buying them from unofficial marketplaces can reintroduce exactly the kind of risk they are meant to remove. In this case, the counterfeit was only caught because the buyer used the official app before doing anything worse, like entering recovery credentials into a device that was never legitimate to begin with.