ledger

Phát hiện hoạt động làm giả Ledger Nano S Plus quy mô lớn 🌎

Một thiết bị giả được mua từ một chợ trực tuyến của Trung Quốc chứa phần cứng đã được sửa đổi, sử dụng chip ESP32 thay vì chip bảo mật của Ledger, với các cụm từ hạt giống và mã PIN được lưu trữ dưới dạng văn bản thuần và gửi đến các máy chủ do kẻ tấn công kiểm soát.

Thiết bị chạy phần mềm giả mạo có nhãn “Nano S+ V2.1” và hỗ trợ khoảng 20 blockchain, rút ​​sạch tiền từ bất kỳ ví nào được khởi tạo trên đó.
Chiến dịch này trải rộng trên năm phương thức tấn công: phần cứng bị xâm nhập, tệp APK Android, tệp EXE Windows, trình cài đặt DMG macOS và ứng dụng iOS được phân phối qua TestFlight để bỏ qua quá trình kiểm duyệt của App Store.

Vì vậy hãy cẩn thận khi mua ví lạnh, chỉ nên mua các nguồn uy tín hoặc tự check lại trên Leger Live nhé ✔️

#vilanh #ledger $BTC

🚨 MAXI TRUFFA CRYPTO: FALSI LEDGER INFETTANO I WALLET 🚨

Un ricercatore di cybersecurity brasiliano ha scoperto una massiccia operazione di truffa acquistando un hardware wallet “Ledger” da un marketplace cinese a prezzo sospettosamente basso.
A prima vista, confezione e design sembravano autentici, ma l’analisi interna ha rivelato una realtà ben più inquietante.

All’interno del dispositivo non c’era il chip sicuro tipico dei wallet Ledger, bensì un componente economico da dispositivo IoT, con le marcature volutamente rimosse per nasconderne l’origine.
Il firmware installato simulava una versione inesistente (Ledger Nano S+ V2.1), progettata per ingannare anche utenti esperti.

Il vero pericolo?
Ogni seed phrase e PIN inseriti venivano salvati in chiaro e inviati immediatamente a un server controllato dagli attaccanti (kkkhhhnnn[.]com), permettendo il furto istantaneo dei fondi su oltre 20 blockchain.
La truffa includeva anche una falsa app “Ledger Live”, modificata e priva di firma digitale valida, capace di sottrarre dati sensibili appena utilizzata.

Il gruppo dietro l’operazione starebbe inoltre distribuendo malware per Windows, macOS e persino iOS, sfruttando TestFlight per aggirare i controlli Apple.
Il report è stato inviato al team di sicurezza Ledger e si attendono ulteriori dettagli tecnici.
La vicenda evidenzia ancora una volta l’importanza di acquistare dispositivi solo da canali ufficiali.
#BREAKING #Ledger #hacking #alert

#Ledger

☠️ A new wave of fake Ledger devices is being reported online. These counterfeit hardware wallets are being widely sold through Chinese marketplaces while posing as genuine products.

Inside these devices, investigators have found modified chips, as well as Wi-Fi and Bluetooth modules. One researcher linked the firmware to Espressif Systems — suggesting the device can secretly steal the seed phrase and potentially drain the wallet at any moment.

A similar scheme previously brought scammers around $9.5 million through a fake version of Ledger Live.

Users are advised to:

Purchase devices only from Ledger or authorized resellers

Immediately run the Genuine Check after setup

A security researcher on Reddit has uncovered a fake Ledger Nano S+ being sold on a Chinese marketplace at the same price as the official device.

The counterfeit hardware looked legitimate from the outside, but an internal analysis revealed a generic ESP32-S3 chip by Espressif Systems instead of the secure element used in real Ledger devices. Some component markings were deliberately scraped off, and sensitive data, including PIN codes and seed phrases, were found stored in plain text in the device's firmware.

The attack does not rely on bypassing Ledger's security. The official Ledger Live app correctly detects the fake device through its built-in Genuine Check. The real threat comes from a QR code inside the packaging that redirects users to a cloned website resembling ledger.com. From there, users are pushed to download malicious versions of Ledger Live for Android, iOS, Windows, and macOS.

These fake apps show a hardcoded verification screen that does not actually check anything. In the background, they capture seed phrases and send them to attacker-controlled servers. The Android version also monitors wallet balances and intercepts communication between the device and the app.

The researcher linked the operation to a Shanghai-registered shell company set up specifically to sell on JD.com, with infrastructure supporting multiple distribution channels across desktop and mobile.

The scam appears to be designed to target first-time hardware wallet users, who are more likely to follow onboarding instructions, scan QR codes, and download software from links in the box.

Ledger has not issued a public statement, but a verified support account asked the researcher to file a formal report. Always buy hardware wallets from official sources and download software only from the official website.

#CryptoSecurity #Ledger #Cryptoscam #Web3Security #phishingscam

Comment fonctionne un Wallet Crypto 🔐

⚠️ Vérité n°1 : Ton wallet ne "stocke" pas tes cryptos

Tes cryptos sont sur la blockchain.
Ton wallet stocke uniquement les CLÉS
qui prouvent que tu en es le propriétaire.

Pas de clés = Pas de cryptos. Simple.

🔑 Les 2 clés essentielles :

📬 Clé Publique = ton IBAN crypto
→ Tu peux la partager à tout le monde
→ Permet de recevoir des cryptos

🔒 Clé Privée = ton mot de passe bancaire ULTIME
→ Ne la partage JAMAIS avec personne
→ Donne accès total à tes fonds

Si quelqu'un connaît ta clé privée
→ il peut vider ton wallet en quelques secondes

🌱 C'est quoi la Seed Phrase ?

C'est une liste de 12 à 24 mots générés aléatoirement.
Elle représente ta clé privée sous forme lisible.

Exemple fictif :
"apple moon river table silver ghost cloud..."

⚠️ Si tu perds ta seed phrase → tu perds tout
⚠️ Si quelqu'un la trouve → il prend tout

→ Note-la sur papier
→ Stocke-la dans un endroit sûr (pas en ligne, jamais)

🔥 Hot Wallet vs ❄️ Cold Wallet

🔥 HOT WALLET (connecté à internet)
→ Metamask, Trust Wallet, Phantom
→ Pratique pour les transactions quotidiennes
→ Risque : vulnérable aux hacks en ligne

❄️ COLD WALLET (hors ligne)
→ Ledger, Trezor
→ Idéal pour stocker de grosses sommes
→ Risque quasi nul si bien utilisé

Règle d'or :
"Petites sommes → Hot Wallet
Grosses sommes → Cold Wallet"

🏦 Exchange Wallet (Binance, Coinbase…)

Pratique pour acheter/vendre rapidement.
MAIS : tu ne contrôles pas tes clés privées.

✅ Les 5 règles de sécurité absolues :

1. Jamais ta seed phrase en ligne ou en photo
2. Vérifie toujours l'adresse avant d'envoyer
3. Utilise un hardware wallet pour >500$
4. Active la double authentification (2FA) partout
5. Méfie-toi des faux sites et phishing

📌 Ce post peut sauver tes cryptos. Sauvegarde-le !
♻️ Repost — ça peut éviter une catastrophe à quelqu'un
💬 Des questions sur les wallets ? 👇

#bitcoin #Ledger #BinanceSquare #CryptoFR

🚨 FAKE LEDGER WALLETS FLOOD MARKET SEED PHRASE THEFT TRAP EXPOSURE

A major cybersecurity warning is circulating as researchers flag counterfeit Ledger devices being sold on online marketplaces, designed specifically to steal crypto assets.

These fake hardware wallets are engineered to look identical to legitimate devices, but are pre-compromised to extract seed phrases during setup or trick users into revealing recovery data.

Once the seed phrase is exposed, attackers gain full, irreversible access to funds with no recovery possible, regardless of wallet type or chain.

What makes this threat more dangerous is the trust factor. Hardware wallets are widely considered one of the safest storage methods in crypto, which makes users less cautious during onboarding.

This is no longer just a phishing problem it’s a supply chain attack targeting physical devices themselves.

In crypto security, the weakest link is always the human step before self-custody is fully established.

And that’s exactly where these scams strike.

#CryptoSecurity #Ledger #Bitcoin #Hacks #Web3

🔥Usuarios pierden dinero por descargarse aplicación falsa en Apple 👀

Aunque suene un difícil de creer, esto en realidad sucedió. #Apple , la empresa de la manzana, ha confirmado que ha retirado una aplicación falsa que se hacía pasar por la aplicación oficial de la #billetera de #Criptomonedas #Ledger , esto después de que se
confirmara que más de 50 víctimas se vieron afectados con esta estafa, costándole dinero.

Un solo descuido te puede costar dinero en la auto custodia. Según un comunicado de Apple, menciona que la aplicación falsa de Ledger live ya había sido retirada el martes y el desarrollador de esa falsa aplicación también fue expulsado de la tienda de aplicaciones de Apple.

Fue un trabajo premeditado. El desarrollador de esta falsa aplicación utilizó la estrategia de “cebo y cambio” para engañar a usuarios y que instalaran esta falsa aplicación de Ledger Live. Una vez que tenían la aplicación instalada, los usuarios compartían sus frases semillas.

Según el investigador en cadena ZachXBT, descubrió que al menos 50 usuarios fueron víctimas de esta estafa entre el 7 y 13 de abril, llegando detectar pérdidas por alrededor de $ 9.5 millones de dólares. Una verdadera lástima.

¿Cómo proteges tus criptomonedas? ¿haces auto custodia o los guardas en un exchange centralizado?

👉Mas actualizaciones cripto ...
Comparte y sigueme para más 👈😎
$BTC

Apple just pulled a fake Ledger app, and $ENJ is now trading in a trust-first market ⚠️

Apple removing the scam app is a real credibility reset for crypto users, after more than 50 victims lost $9.5 million. When trust gets hit like this, liquidity tends to favor verified rails and the market quietly re-rates security risk before it re-prices anything else.

Not financial advice. Manage your risk and protect your capital.

#Crypto #Apple #Ledger #Security #Altcoins

Stay sharp.

Apple just pulled a fake Ledger app, and $ENJ traders should notice ⚠️

Apple’s removal of the scam app cuts off one of the cleaner retail traps, but the bigger signal is how easily trust can be weaponized through mainstream distribution channels. For institutions, this is a reminder that custody risk isn’t only on-chain; verification, app integrity, and endpoint security remain part of the trade.

Not financial advice. Manage your risk and protect your capital.

#Crypto #AppStore #Ledger #Security #Altcoins

$IN feels the ripple after Apple yanks a fake Ledger app

Apple pulling the counterfeit Ledger app after a $9.5M phishing scam is the kind of headline that makes liquidity pause. Whales usually let the panic settle, then rotate into the names the market starts to trust again, because once security becomes the story, capital stops chasing noise and starts pricing credibility.

Not financial advice. Manage your risk and protect your capital.
#Crypto #Ledger #Apple #Phishing #Security
✦

كشف ZachXBT مؤخرًا عن عملية احتيال ضخمة في مجال العملات الرقمية... وهي عملية بشعة.

تم ربط تطبيق مزيف باسم Ledger Live على متجر تطبيقات Apple بسرقة 9.5 مليون دولار من أكثر من 50 ضحية خلال الفترة من 7 إلى 13 أبريل.

👈 الشبكات المتأثرة: بيتكوين، إيثيريوم (EVM)، ترون، سولانا، وXRP

قام المستخدمون بتنزيل تطبيق خبيث ينتحل صفة Ledger Live... ومنحوا دون علمهم إمكانية الوصول إلى محافظهم الرقمية.

تم تحويل الأموال عبر أكثر من 150 عنوان إيداع على منصة KuCoin، المرتبطة بـ AudiA6، وهي خدمة غسيل أموال مركزية معروفة برسومها المرتفعة.

تفاصيل الخسائر:

٩ أبريل: سرقة ٣.٢٣ مليون دولار (USDT)
١١ أبريل: سرقة ٢.٠٧ مليون دولار (USDC)
٨ أبريل: سرقة ١.٩٥ مليون دولار (BTC + ETH + stETH)
خسر أكبر ثلاثة ضحايا وحدهم مبالغ طائلة بلغت سبعة أرقام لكل منهم.

⚠️ تم حذف التطبيق المزيف، لكن الضرر قد وقع بالفعل.

💭 يثير هذا الأمر تساؤلات جدية:

كيف اجتاز تطبيق محفظة مزيف مراجعة متجر التطبيقات؟

هل يمكن أن يؤدي هذا إلى اتخاذ إجراءات قانونية ضد شركة آبل؟

هذه إحدى أكبر سرقات العملات الرقمية المرتبطة بمتجر التطبيقات في الأشهر الأخيرة. كن حذرًا.$BTC
$ETH
$XRP
#Ledger #BTC #Binance

🚨🚨 FALSA APP LEDGER SU APPLE STORE RUBA TUTTI I BTC DI UN MUSICISTA 🚨🚨

Un’app falsa che si spacciava per Ledger Live è stata pubblicata sul Mac App Store di Apple e ha permesso di svuotare in pochi secondi l’intero portafoglio Bitcoin di Garrett Dutton, noto come il musicista G. Love.
L’utente ha scaricato ciò che sembrava il wallet ufficiale, ha inserito la sua 24‑word seed phrase e ha perso quasi 5,92 BTC, circa 424.000 dollari, pari a un decennio di risparmi pensati per il pensionamento.

L’investigatore on‑chain ZachXBT ha tracciato gli indirizzi di deposito e ha mostrato che i fondi sono stati rapidamente trasferiti su wallet di KuCoin, evidenziando quanto sia fragile la sicurezza quando un utente sbaglia solo un clic.
Il caso riaccende il dibattito sulla moderazione degli app store: se pure piattaforme come Apple non impediscono la pubblicazione di app malevole, gli utenti devono verificare sempre gli sviluppatori e scaricare i wallet solo dai siti ufficiali.

Per gli holder, la lezione è chiara: la tua seed phrase va condivisa solo con il tuo vero hardware wallet, mai con un’app di terze parti, anche se sembra “perfetta”. Ogni errore è zero tolleranza, e il rischio è di perdere tutto in un solo istante.
#breakingnews #Apple #Ledger #hacking

Fake Ledger Live scams just burned $9.5M, and $MYX is your reminder that one wrong click can wipe out a wallet 🔒

This wasn’t a market move, it was a trust attack: fake apps copied the Ledger Live look, tricked users into entering seed phrases, and then swept funds fast. The takeaway for serious traders is simple: liquidity is still moving, but attackers are targeting human error, so security hygiene is now part of the alpha.

Not financial advice. Manage your risk and protect your capital.

#CryptoSecurity #ScamAlert #Web3 #Crypto #Ledger
✦

$BTC just got a brutal reminder: one fake app can drain millions ⚡

A counterfeit Ledger Live app on Apple’s App Store reportedly hit more than 50 victims for $9.5 million in just a week, with the stolen coins spanning Bitcoin, EVM chains, Solana, and Ripple. The laundering path through 150+ KuCoin deposit addresses and a high-fee mixer shows how quickly illicit liquidity can be scattered, and why institutions treat wallet hygiene as a balance-sheet risk, not just a retail problem.

Not financial advice. Manage your risk and protect your capital.

#Bitcoin #CryptoSecurity #Blockchain #Apple #Ledger

⚡

Американский музыкант Гарретт Даттон потерял 5.9 #BTC на $420 000 после того, как установил поддельное приложение #Ledger и сам ввёл в него свою сид-фразу 😐

Хакеры почти сразу вывели монеты через девять транзакций на адреса, связанные с биржей #KuCoin .

Недавно мы предупреждали, что мошенники всё чаще продают поддельные аппаратные кошельки с уже заданной сид-фразой — через время они просто выводят средства.
$BTC
$ETH
$RAVE
#StrategyBTCPurchase #MarketCorrectionBuyOrHODL?

🚨 FAKE LEDGER APP ON APPLE STORE DRAINS $424K IN BITCOIN

A fake “Ledger Live” app on the Apple Mac App Store has reportedly wiped out a user’s entire Bitcoin holdings.

American musician Garrett Dutton lost 5.92 $BTC ($424,000) after downloading the app and entering his 24-word seed phrase, unknowingly handing full access to attackers.

On-chain investigator ZachXBT traced the stolen funds to exchange deposit addresses and raised serious questions about how the malicious app bypassed Apple’s review process.

Apple has not issued a public statement yet.

This incident highlights one of the most dangerous attack vectors in crypto today not protocol hacks, but user-level deception through fake apps.

Even when custody tools are trusted, the weakest link remains human behavior under social engineering pressure.

A single seed phrase entry is enough to completely override all technical security layers.

What makes this case more alarming is the distribution channel an official app marketplace, not a random website or phishing link.

It raises a bigger question about platform responsibility versus user responsibility in protecting digital assets.

As crypto adoption grows, so does the sophistication of impersonation attacks targeting wallets, exchanges, and security tools.

Security in crypto is no longer just about code… it is about attention.

#Bitcoin #Ledger #Crypto #Hacks #Security $BTC

🚨 Crypto Alert..A shocking security breach just rocked the crypto space…Fake App Drains Entire BTC Wallet 🚨
An American musician, Garrett Dutton, reportedly lost 5.92 BTC (~$424K) after downloading a fake Ledger Live app from Apple’s Mac App Store. The app looked identical to the official one but it was a trap.
⚠️ After entering his 24-word seed phrase, his entire wallet was instantly drained.
On chain investigator ZachXBT has already traced the stolen funds and is raising serious concerns about how such a malicious app passed Apple’s security checks.
❗ Reminder: NEVER share your seed phrase no legitimate app will ever ask for it.
No official response from Apple yet…
Stay safe. Stay alert.

#CryptoScamAlert #BitcoinSecurity #Ledger #CryptoNews #StaySafe $BTC

$GIGGLE gets a reality check as a fake Ledger app turns one seed phrase into a $424K loss ⚠️

A Mac App Store imposter quietly drained 5.92 BTC after the user entered their seed phrase, showing how fast confidence can vanish when security cracks open. These kinds of losses don’t just hit one wallet — they can slow risk appetite, shake retail trust, and remind the market that whale movement often starts with fear, not hype.

Not financial advice. Manage your risk and protect your capital.

#Crypto #Bitcoin #Ledger #Security #BTC

✅

🚨 WARNING! Fake Ledger App on Mac App Store Steals $424,000

American musician G. Love lost 5.92 BTC (approx $424,000) after downloading a counterfeit "Ledger" app directly from the Apple Mac App Store 📉💸

🕵️‍♂️ How the Scam Worked

- The fake app tricked him into entering his 24-word Seed Phrase on the computer screen.
- Once entered, hackers instantly drained the funds and sent them to KuCoin via multiple transactions.

⚠️ Critical Security Rules

- ALWAYS download Ledger Live only from ledger.com.
- NEVER type your Seed Phrase on any computer or phone software.
- Genuine Ledger setup requires entering keys only on the device screen itself.

📈 Market Impact

Outlook: Bearish 🔴
This incident raises serious questions about Apple's app review process and erodes trust in self-custody for new users.

#Ledger #Scam #Security #Bitcoin #Apple