Scammers have begun sending physical letters to Ledger wallet owners, requesting their seed phrases. Under the pretense of an urgent security update, they attempt to gain access to users’ wallets.
Physical Mail Sent on Behalf of Ledger
On April 29, tech blogger Jacob Canfield posted a photo on X of a fake letter he received at his home by mail. The letter is formatted using the Ledger logo, its official address, and a unique case number. It contains a warning about a “critical security update” and instructs the recipient to scan a QR code to verify their device.
Upon visiting the linked website, users are asked to enter their seed phrase, allegedly to confirm ownership of the wallet. The letter also claims that access to funds may be restricted if the verification is not completed.
Scam Follows an Old Data Leak
The seed phrase is the primary method of accessing a crypto wallet. If compromised, it gives an attacker full control over the assets. Canfield speculated that the letters are being sent based on the 2020 Ledger customer data leak.
At that time, a hack led to the publication of personal data of over 270,000 Ledger clients, including names, phone numbers, and home addresses. Already in 2021, there were reports of fake Ledger devices being mailed to users, modified to install malicious software.
Ledger’s Official Response
In response to Canfield’s post, Ledger stated that it had no connection to the mailings and called the letters phishing attempts. The company reminded users that it never asks for recovery phrases through messages, phone calls, or mail. Ledger representatives also warned against interacting with accounts posing as company staff or offering to help recover access to funds.
Company officials emphasize that any request for a seed phrase is fraudulent.
This post is for informational purposes only and is not an ad or investment advice. Please do your own research making any decisions.
