A sophisticated new phishing campaign is targeting users of Ledger crypto wallets. Scammers are sending convincing physical letters that impersonate Ledger, urging recipients to disclose their private recovery phrases under the guise of a critical security update.
Beware of the Letters from Ledger Scammers
Breaking: New scam meta launched. Now they’re sending physical letters to the @Ledger addresses database leak requesting an ‘upgrade’ due to a security risk.
Be very cautious and warn any friends or family that you know is in crypto and is not that savvy. pic.twitter.com/XoUAGQBJXt
— Jacob Canfield (@JacobCanfield) April 28, 2025
The fraud came to light on April 29 when tech analyst Jacob Canfield posted an image of one such letter on X. The envelope, which arrived at his home, bore Ledger’s logo, company address, and a fake reference number, all designed to look official. Inside, recipients are instructed to scan a QR code and input their 24-word recovery phrase—an action that would give attackers full access to the victim’s crypto assets.

“Failure to complete this mandatory validation process may result in restricted access to your wallet and funds,” the letter warns.
The tactic represents a dangerous evolution in phishing, combining traditional mail with the psychological pressure tactics common in online scams. A seed phrase, also known as a recovery phrase, is the most sensitive piece of data associated with a cryptocurrency wallet. If stolen, it grants total control of the funds inside.
Reports of similar mailings have surfaced in recent weeks. A crypto wallet reseller on X said earlier this month that it had heard from multiple customers receiving near-identical letters.
In a response to Canfield’s post, Ledger confirmed that the letter is a scam and reiterated a long-standing warning: “Ledger will never call, DM, or ask for your 24-word recovery phrase. If someone does, it’s a scam.” The company urged users to avoid interacting with anyone claiming to be a Ledger representative offering to recover lost funds.
The source of the mailing list remains unclear, but Canfield and others have speculated the letters may be tied to a 2020 data breach in which hackers accessed the personal information of over 270,000 Ledger customers, including names, phone numbers, and home addresses. That breach has been linked to earlier scams involving tampered Ledger devices sent via mail.
The resurgence of these attacks highlights the long tail of crypto-related data leaks—and the ongoing risks for affected users years after the fact.