hgtp://Bitfi

This hacker is trying to break into Trezors for $75 million The biggest wallet he's trying to hack holds $66 million in a single device Joe Grand spent 3 years refining a method to recover hardware wallets for people who locked themselves out years ago The technique came from a 15 year old in the UK who figured it out in his bedroom in 2017 and used it to save a Wired editor $30,000 9 years later the same exploit is saving MILLIONS from a single Trezor The most valuable lockpicking in history is happening out of a backyard lab

A security researcher just documented a large-scale counterfeit Ledger Nano S Plus operation selling compromised devices across multiple online marketplaces. The fake units look identical to the real thing but contain completely different hardware. Instead of Ledger's secure element chip, the counterfeits run an ESP32 microcontroller with modified firmware labeled "Nano S+ V2.1." Seeds and PINs are stored in plain text and transmitted to attacker-controlled servers. Any wallet initialized on the device is drained. The operation goes beyond the hardware. The sellers also distribute a fake version of Ledger Live built with React Native and signed with a debug certificate. It intercepts transactions and exfiltrates sensitive data to multiple command-and-control servers. The campaign spans five attack vectors: compromised hardware, Android APKs, Windows executables, macOS installers, and iOS apps distributed through TestFlight to bypass App Store review. This comes days after ZachXBT documented a separate fake Ledger Live app that made it through Apple's Mac App Store review process. That operation drained over $9.5 million from more than 50 victims, including musician G. Love, who lost 5.92 BTC after entering his recovery phrase into what he believed was the legitimate app. The pattern is clear: the attack surface for hardware wallet users has shifted from firmware exploits to supply chain and distribution fraud. The devices themselves remain secure. The problem is that users are being intercepted before they ever touch a real one. Ledger's own "genuine check" feature can be bypassed when the hardware itself is compromised at the source, which makes where you buy the device as important as how you use it. The rules haven't changed, but they've never been more important: buy hardware wallets only from the manufacturer. Never enter your recovery phrase into any software. If a companion app asks for your 24 words on a screen, it's a scam. Every time.

if you keep >0.5 BTC on a wallet in your home, watch this video 👇

BEWARE TRAVELING TO 🇭🇰 HONG KONG WITH BITCOIN HARDWARE WALLETS Hong Kong has updated enforcement rules under the National Security Law as of March 23, 2026. Refusing to provide passwords or decryption assistance to police is now a criminal offense, covering ALL personal devices including phones, laptops, and likely hardware wallets. The rule applies to everyone in Hong Kong, including US citizens, even if only transiting through the airport. Authorities also have expanded powers to seize and retain devices they claim are linked to national security investigations. Travelers are advised to understand the risks before entering or transiting through the region.

🚨 The Fake Ledger That Stole Everything (1/8) James* thought he was safe. He used a Ledger hardware wallet, kept his 24 words private, and followed every crypto security tip out there. Then one day… a package arrived. 🧵👇

My friend got robbed for $3M in $BTC yesterday. The guy broke in, pointed a Glock, and said: “Give me the seed, or you're dead.” Still think your Ledger makes you safe?👇