TLDR
- Scammers are mailing physical letters to Ledger hardware wallet owners asking for recovery phrases
- Letters claim users need to perform a “critical security update” and scan a QR code
- The scam appears to be using data from a 2020 Ledger database breach that exposed 270,000 users’ information
- Ledger confirmed these are fraudulent attempts and warned users to never share recovery phrases
- This follows previous scams including fake Ledger devices mailed to users in 2021
A new phishing campaign targeting Ledger hardware wallet owners has emerged, with scammers sending physical letters through the mail requesting users’ private recovery phrases. Tech commentator Jacob Canfield revealed the scam on April 29 when he shared an image of a letter he received that claimed to be from Ledger’s security team.
Breaking: New scam meta launched. Now they’re sending physical letters to the @Ledger addresses database leak requesting an ‘upgrade’ due to a security risk.
Be very cautious and warn any friends or family that you know is in crypto and is not that savvy. pic.twitter.com/XoUAGQBJXt
— Jacob Canfield (@JacobCanfield) April 28, 2025
The fraudulent letters use Ledger’s logo and business address to appear legitimate. They claim users need to perform a “critical security update” on their devices by scanning a QR code and entering their private recovery phrase. The letters even include a reference number and threaten that “failure to complete this mandatory validation process may result in restricted access to your wallet and funds.”
Ledger has confirmed these letters are scams. The company warned users on social media that they should never share their 24-word recovery phrases with anyone. “Ledger will never call, DM, or ask for your 24-word recovery phrase. If someone does, it’s a scam,” the company stated.
You are correct, this is a scam. We appreciate your efforts to warn others. Please stay vigilant against phishing attempts. Scammers impersonating Ledger and Ledger representatives are unfortunately common. While we actively report and block scammers, we can't control what…
— Ledger (@Ledger) April 29, 2025
Connection to Previous Data Breach
The scam appears to be linked to a major data breach Ledger suffered in 2020. In that incident, a hacker accessed Ledger’s customer database and leaked the personal information of more than 270,000 users online. This exposed data included names, phone numbers, and home addresses.
Canfield suggested the scammers are using this leaked information to target Ledger customers directly through postal mail. This tactic represents an evolution of crypto scams from purely digital methods to physical mail.
This isn’t the first time scammers have used physical mail to target Ledger users. In 2021, following the data breach, some Ledger customers reported receiving fake Ledger devices in the mail. These counterfeit devices were tampered with and designed to install malware when connected to a computer.
Security experts remind crypto users that recovery phrases should never be shared with anyone under any circumstances. These phrases, also called seed phrases, are strings of up to 24 words that provide complete access to a crypto wallet. Anyone who obtains this phrase can access and control the associated wallet to transfer funds.
The frequency of these scams highlights the importance of user education in the cryptocurrency space. Crypto wallet companies continuously remind users about proper security practices.
Users who receive suspicious communications claiming to be from Ledger should report them to the company and avoid engaging with the content. Ledger states that it will never ask for recovery phrases through any communication channel – including physical mail.
The company has advised customers to stay vigilant against all forms of phishing attempts. Legitimate hardware wallet companies do not request recovery phrases for updates or any other purpose.
For Ledger users concerned about potential exposure from the past data breach, security experts recommend being extra cautious about any communications claiming to be from the company.
Cryptocurrency holders are advised to store their recovery phrases offline in secure locations and never digitize them or share them with anyone, regardless of how official the request may seem.
Ledger has been dealing with various security challenges over the years, including supply chain attacks and numerous phishing campaigns targeting their users.
As Canfield noted in his post about the scam, Ledger may need to update their standard warning to include letters alongside direct messages and phone calls as methods scammers use to target their customers.
The physical letter scam represents how crypto thieves are becoming more sophisticated in their approaches to stealing digital assets.
Stay Ahead of the Market with Benzinga Pro!
Want to trade like a pro? Benzinga Pro gives you the edge you need in today's fast-paced markets. Get real-time news, exclusive insights, and powerful tools trusted by professional traders:
- Breaking market-moving stories before they hit mainstream media
- Live audio squawk for hands-free market updates
- Advanced stock scanner to spot promising trades
- Expert trade ideas and on-demand support
