PANews reported on April 17th, citing Cointelegraph, that a Brazilian security researcher warned that a Ledger Nano S Plus device he purchased from a Chinese e-commerce platform was a sophisticated counterfeit designed to steal users' crypto assets. The device was priced the same as the official store, and the packaging and product page appeared legitimate, but it failed the "authentication verification" when connected to the official Ledger Live app. Disassembly revealed that the device's hardware and firmware had been tampered with, including embedded WiFi and Bluetooth antennas, and the chip markings had been scratched off. Researcher analysis of the firmware showed that the device, upon startup, displayed the manufacturer as Shanghai-listed Espressif Systems.

Researchers are advising users to only download LedgerLive from ledger.com and to only purchase hardware from ledger.com. If a device fails to pass authenticity verification, users should immediately stop using it. Earlier this month, more than 50 victims suffered losses totaling $9.5 million due to the leakage of mnemonic phrases from fake Ledger Live apps listed on the Apple App Store.