The thief opens a new front for cryptocurrency users, and the regular mailing of the letter is directed to the owner of the billing hardware wallet.
According to a report released by social media site X on April 29, the letters misleadingly told recipients that they need to confirm their private seed phrases for a “critical security update.”
Physical letter counterfeit official newsletter
Tech Pundit Jacob Canfield discovered the scam when he received a letter to his home address. The scammers use Ledger’s official logo and business address, and also use reference numbers to make it look legal. It tells the recipient to scan the QR code and enter a private recovery phrase for their wallet, and states that this will authenticate their device.
The letter adopts pressure measures, threatening: “Failure to complete this required verification process may result in limited use of your wallet and funds.”
Security professionals warn that anyone who does so will essentially hand over all control of their crypto assets to cybercriminals.
Break: New scam meta launch. Now they send physical letters to @ledger Due to security risks, the address database leak requests “upgrade”.
Be very cautious and warn you that any friends or family members in cryptocurrencies are not that savvy. pic.twitter.com/xouagqbjxt
— Jacob Canfield (@jacobcanfield) April 28, 2025
Recovery Phrase: The Key to Encrypting Kingdom
Seed phrases or recovery phrases are lists of up to 24 words, which are the primary keys of cryptocurrency wallets. Anyone who owns this sentence can have complete control over the corresponding wallet and be able to send all funds to other wallets. These phrases are very valuable to the scammer’s goals.
The hardware wallet company also confirmed that the letters were fake. Following Canfield’s post, Ledger made the following statement:
“Ledgers never make calls, DM [direct message]or request your 24-word recovery phrase. If that happens, it’s a scam. ”
The company also warns customers not to interact with anyone who claims to be a classified account or provides fund recovery assistance.
A seed phrase sample. Source: Unchained Capital.
Possible connection to previous data breaches
The email scam can link to major security hacks that happened nearly five years ago. The hackers damaged Ledger’s database in July 2020 and revealed personal details of more than 270,000 customers.
This is not the first time a criminal has used physical emails to target users of cryptocurrencies. In the 2021 irritable computer report, some ledger users reported receiving fake ledger devices in emails. These fake devices are programmed to discard malware when plugged into a computer.
BTCUSD trading in the $95,158 region on the 24-hour chart: TradingView.com
The stolen data includes name, phone number and residence address – the data that is feasible for this email scam.
Canfield posted the link in his social media announcement stating that the scammers appear to be targeting ledger users whose information has been violated.
The latest email scam is a development of strategy that mixes traditional email fraud with cryptocurrency theft strategies.
Security researchers recommend that the owner of hardware wallets keep in mind that even if the message appears to be formal, any legal company will never ask for a recovery phrase under any circumstances.
Featured images from San Antonio Joint Base, Charts from TradingView
Editing process For Bitcoin experts, focus on thorough research, accurate and impartial content. We adhere to strict procurement standards and each page is diligently evaluated by our top technical experts and experienced editorial team. This process ensures the integrity, relevance and value of our content to our readers.
