🚨 A Brazilian cybersecurity researcher exposed a large-scale scam operation by purchasing a "Ledger" hardware wallet on a Chinese marketplace — suspiciously cheap, and the packaging looked authentic from afar.


This is what he found after opening the device:
The "hardware wallet"
Inside the shell, there was a completely different chip — the kind you'd find in a cheap IoT gadget, not in a wallet designed to protect your crypto. The markings had been physically sanded off to hide what it really was.
The firmware pretended to be a real Ledger version that doesn't even exist (Ledger Nano S+ V2.1). And here’s the worst part: every seed phrase and PIN you entered was stored in plain text and sent directly to the attacker’s server (kkkhhhnnn[.]com). Instantly...
It was designed to drain wallets across approximately 20 different blockchains.
The fake app
The seller kindly included a "Ledger Live" app to go along with it. It was a modified copy — not even properly signed, the attackers didn’t bother with the basics — and silently siphoned data while you used it.
Just when you thought that was everything, the same team is also distributing malware for Windows, macOS, and even iOS — using TestFlight to completely bypass the Apple App Store review.
The researcher has sent a full report to Ledger’s security team. A more in-depth technical breakdown is expected once their analysis is complete.
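
For defenders who want to check whether any host on their network has contacted the exfiltration domain named above, here is an added example (not the researcher's or Ledger's code) that scans DNS query logs for that domain and its subdomains. The log layout, timestamps and client addresses are assumptions constructed for illustration; only the domain comes from the post.

```python
import re

# Indicator exactly as published in the post (defanged).
IOC_DEFANGED = "kkkhhhnnn[.]com"

def refang(indicator: str) -> str:
    """Normalise a defanged or URL-style indicator to a bare lowercase hostname."""
    s = indicator.strip().lower()
    s = re.sub(r"^hxxp", "http", s)
    s = re.sub(r"\[\.\]|\(\.\)|\[dot\]", ".", s)
    s = re.sub(r"^[a-z]+://", "", s)          # drop scheme if present
    return s.split("/")[0].split(":")[0].rstrip(".")  # drop path, port, root dot

def matches_ioc(queried_name: str, ioc: str = IOC_DEFANGED) -> bool:
    """True for the IoC domain or any subdomain; false for lookalike suffixes."""
    name, bad = refang(queried_name), refang(ioc)
    return name == bad or name.endswith("." + bad)

def scan_dns_log(lines):
    """Return (timestamp, client, qname) for each query that hits the IoC.
    Assumed log layout: '<timestamp> <client_ip> <qtype> <qname>'."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of failing the whole scan
        ts, client, _qtype, qname = parts
        if matches_ioc(qname):
            hits.append((ts, client, qname))
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2024-01-01T10:00:00Z 192.168.1.20 A example.org",
    "2024-01-01T10:00:05Z 192.168.1.31 A kkkhhhnnn.com",
    "2024-01-01T10:00:09Z 192.168.1.31 AAAA api.KKKHHHNNN.com.",
    "2024-01-01T10:00:12Z 192.168.1.44 A notkkkhhhnnn.com",           # lookalike
    "2024-01-01T10:00:15Z 192.168.1.44 A kkkhhhnnn.com.example.org",  # unrelated parent
    "garbage line",
]

if __name__ == "__main__":
    for ts, client, qname in scan_dns_log(SAMPLE_LOG):
        print(f"{ts} {client} queried {qname}")
```

A hit identifies a machine that ran the fake app or was used with the counterfeit device; any seed phrase or PIN entered there should be treated as compromised.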