The Fake Hardware Wallet Scam

The fake hardware wallet scam has cost Bitcoin holders significant amounts — and it’s entirely preventable with one simple rule.

Here’s how it works. An attacker purchases hardware wallets from a legitimate manufacturer, modifies them, and resells them through marketplaces, second-hand sites, or even directly as new products at discounted prices.

The modification can take several forms. The most common: the seed phrase is pre-generated by the attacker and included with the device — written on a card inside the box, styled to look like an official setup instruction. The victim initialises the device using the attacker’s pre-generated seed phrase. The attacker, who knows those words, monitors the associated addresses. When Bitcoin is deposited, the attacker sweeps it immediately.

A more sophisticated version: the firmware is modified to send the generated seed phrase to the attacker during setup, without the user’s knowledge.

The defence is simple: buy only from official manufacturer websites. Ledger.com. Trezor.io. Never from Amazon, eBay, or any third-party seller. The price difference between an official device and a discounted third-party one is trivial compared to the risk.

A secondary rule: a legitimate hardware wallet will never include a pre-written seed phrase in the box. The device generates the seed phrase itself, on the device, during initialisation. If a seed phrase arrives pre-written on any piece of paper inside the packaging — the device has been compromised. Return it immediately.

These rules are simple. The scam only works on people who don’t know them.

Tomorrow: scam deep dive — the social engineering attack.

— The Daily Bit