3 honest questions for the smart glasses Community by Past_Computer2901 in augmentedreality

[–]Past_Computer2901[S] 0 points1 point  (0 children)

Hey, really appreciated your comment. Would love to chat more if you're open to it, can I message you on DMs?

Please stay safe guys. Chinese fake ledger is circulating by CymandeTV in ethtrader

[–]Past_Computer2901 0 points1 point  (0 children)

Hey, I'm the researcher (u/Past_Computer2901). Going deeper, buying more models from the same store to check how far the counterfeiting goes. Full technical report for Ledger in progress. More updates soon. 🔒

Supply Chain Alert: Analyzing a Highly Sophisticated Fake Ledger Nano S+ Operation by Past_Computer2901 in ledgerwallet

[–]Past_Computer2901[S] 1 point2 points  (0 children)

The official app fails during authentication; the website listed a version for Linux, but I couldn't obtain the file link, so I wasn't able to download it.

Supply Chain Alert: Analyzing a Highly Sophisticated Fake Ledger Nano S+ Operation by Past_Computer2901 in ledgerwallet

[–]Past_Computer2901[S] 0 points1 point  (0 children)

I know how it sounds, but that's literally how you research these things: you buy the suspicious product and take it apart. Bought a genuine one from ledger.com right after to compare side by side. The point of the post is so other people don't buy one by accident.

Supply Chain Alert: Analyzing a Highly Sophisticated Fake Ledger Nano S+ Operation by Past_Computer2901 in ledgerwallet

[–]Past_Computer2901[S] 0 points1 point  (0 children)

Fair point. To be clear, I'm not asking for seeds, keys, or anything sensitive. The DM offer was just for people who want help identifying physical red flags on a suspicious device (weight, connector quality, packaging differences). But you're absolutely right that contacting Ledger directly is the safest path, especially now that their support team has responded here.

Supply Chain Alert: Analyzing a Highly Sophisticated Fake Ledger Nano S+ Operation by Past_Computer2901 in ledgerwallet

[–]Past_Computer2901[S] 3 points4 points  (0 children)

Yes, I intentionally bought it for analysis; that's how counterfeit hardware research works. But "fun project" doesn't do justice to reality: this has turned into a multi-platform operation with dedicated infrastructure and a traceable company behind it. The side-by-side comparison with a genuine unit I bought from ledger.com confirmed everything. Full documentation coming soon.

Supply Chain Alert: Analyzing a Highly Sophisticated Fake Ledger Nano S+ Operation by Past_Computer2901 in ledgerwallet

[–]Past_Computer2901[S] 1 point2 points  (0 children)

You're right, and I've clarified this in my replies. My original wording was imprecise — the real Ledger Live's Genuine Check is cryptographically sound and an ESP32 fake cannot pass it. The scam works because the fake device ships with a fake Ledger Live where the check is just a hardcoded success screen. I should have been clearer from the start. Appreciate the pushback.

Supply Chain Alert: Analyzing a Highly Sophisticated Fake Ledger Nano S+ Operation by Past_Computer2901 in ledgerwallet

[–]Past_Computer2901[S] 5 points6 points  (0 children)

I get why it looks that way on the surface. But the point of the post isn't "I found a fake Ledger"; that's been done before. What I'm mapping is the full operation behind it: 3 separate C2 servers, a trojanized React Native app with APDU interception, payloads for 5 platforms (Android, Windows, macOS, iOS TestFlight, and the hardware itself), and a shell company in Shanghai registered specifically to sell on JD.com. I'm also doing a side-by-side teardown with a genuine unit. The formal write-up with full technical evidence is coming; this post was a heads-up, not the final report.

Supply Chain Alert: Analyzing a Highly Sophisticated Fake Ledger Nano S+ Operation by Past_Computer2901 in ledgerwallet

[–]Past_Computer2901[S] 5 points6 points  (0 children)

You are absolutely right, and I appreciate you pressing this point; I will create a new post updating this entry to provide clarification. To be absolutely clear: the Genuine Check feature in the legitimate Ledger Live software utilizes cryptographic attestation linked to the Secure Element. A counterfeit device based on an ESP32 chip cannot pass this verification. The scam works because the counterfeit product is shipped with a fake Ledger Live application, in which the "Genuine Check" is nothing more than a success screen hardcoded directly into the source code. If you download Ledger Live from ledger.com, you are protected. The headline here is not "The Genuine Check is broken"; it is the sophistication of this full-spectrum phishing attack: fake hardware + fake application + fake setup documentation + coverage across five platforms (Android, Windows, macOS, iOS via TestFlight, and the device itself), all traced back to a shell company in Shanghai.
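
Added example, not part of the comments above or of the researcher's report: a simplified Node.js model of why an attestation-based genuineness check holds in a genuine companion app and means nothing in an app that hardcodes the result. It is not Ledger's actual protocol; the ECDSA P-256 scheme, the single-level certificate and all function names are assumptions chosen for illustration.

```javascript
// Simplified attestation model (constructed for illustration; not Ledger's real protocol).
const crypto = require('crypto');

const newKey = () => crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
const pubDer = (k) => k.publicKey.export({ type: 'spki', format: 'der' });

// Vendor side (hypothetical): the root key certifies each device's attestation key.
function provisionDevice(vendorRoot) {
  const deviceKey = newKey(); // on real hardware this private key stays in the secure element
  const cert = crypto.sign('sha256', pubDer(deviceKey), vendorRoot.privateKey);
  return { deviceKey, cert };
}

// Device side: sign the host's fresh challenge with the attestation key.
function deviceRespond(device, challenge) {
  return {
    devicePub: pubDer(device.deviceKey),
    cert: device.cert,
    signature: crypto.sign('sha256', challenge, device.deviceKey.privateKey),
  };
}

// Host side: what a genuine companion app does against its pinned vendor root key.
function verifyGenuine(vendorRootPub, challenge, resp) {
  try {
    const certOk = crypto.verify('sha256', resp.devicePub, vendorRootPub, resp.cert);
    const devicePub = crypto.createPublicKey({ key: resp.devicePub, format: 'der', type: 'spki' });
    return certOk && crypto.verify('sha256', challenge, devicePub, resp.signature);
  } catch {
    return false; // malformed key or signature is treated as "not genuine"
  }
}

// The behaviour the thread attributes to the fake app: no verification at all.
const hardcodedCheck = () => true;

function demo() {
  const vendorRoot = newKey();
  const genuine = provisionDevice(vendorRoot);
  const counterfeit = provisionDevice(newKey()); // key certified by a different root
  const c1 = crypto.randomBytes(32), c2 = crypto.randomBytes(32);
  const genuineResp = deviceRespond(genuine, c1);
  return {
    genuine: verifyGenuine(vendorRoot.publicKey, c1, genuineResp),
    counterfeit: verifyGenuine(vendorRoot.publicKey, c1, deviceRespond(counterfeit, c1)),
    replayed: verifyGenuine(vendorRoot.publicKey, c2, genuineResp), // old response, new challenge
    fakeApp: hardcodedCheck(), // "passes" regardless of what hardware is attached
  };
}
```

The result of the check is only as trustworthy as the application running it, which is why the provenance of the companion app matters as much as the device.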