Skip to content
Explore the Latest in Smart TechCryptocurrency

Malicious Mail Scam Aimed at Ledger Users, Demanding Seed Phrases for Cryptocurrency Wallets

Cryptocurrency wallet holders are being targeted by scammers through fake emails that purport to be from Ledger, soliciting seed phrases for a supposed update in a fresh phishing strategy.

 and  Administrator
3 min read
Crypto wallet owners receiving fraudulent letters from scammers, claiming to be Ledger, and...
Crypto wallet owners receiving fraudulent letters from scammers, claiming to be Ledger, and demanding seed phrases for a supposed "critical update" in a newer phishing tactic.

Malicious Mail Scam Aimed at Ledger Users, Demanding Seed Phrases for Cryptocurrency Wallets

Gotcha! Scammers hitting up Ledger owners with legit-looking letters

Grab your popcorn, crypto enthusiasts! Scammers are pulling off a fresh, sneaky move, this time targeting owners of Ledger hardware wallets. They're sending physical letters that look legit, asking users to hand over their seed phrases in a "critical security update" ruse.

Digital sleuth, Jacob Canfield, sounded the alarm on April 29, 2025, posting images of a letter he received. The con-artist document tricks you by flashing Ledger's logo and business address. Tricking you, much?

But, hold up! The letter tells recipients to scan a QR code and spill their recovery password. It threatens that "if you don't complete this ASAP, you might find yourself locked out of your wallet and wallet-less funds." Cue the eye roll!

Ledger was quick to chime in, confirming the letter is bunk. The company made it clear that they will "never DM, call, or harass you for your 24-word recovery phrase. If someone does, it's a scam."

Now, what's a recovery phrase? It's a string of up to 24 words, also known as a recovery phrase, that's a one-way ticket to your wallet. Anyone who gets their hands on it can move your crypto around like it's their own.

Shady Connections To 2020 Data Breach

The scam is aiming for victims of an old data breach from 2020. Back then, hackers infiltrated Ledger's database, coming away with the personal deets of over 270,000 customers. Names, phone numbers, and home addresses were on the chopping block.

This isn't the first time hackers have used this nabbed intel for sneaky shenanigans. In 2021, some Ledger users got fake devices delivered, complete with malware. Yikes!

Canfield believes it's high time Ledger updates their security warning to include letters alongside calls and direct messages.

The crypto community has seen various phishing attempts targeting hardware wallet users over the years. But, the physical mail game is a new level of AC/DC on the phising circuit. Some folks might think they're more trustworthy than digital messages.

Ledger welcomed the call-out, admitting that "scammers posing as Ledger employees are as common as dust mites." They continue to stress that they'll never give a hoot about your recovery phrase.

An unnamed crypto hardware wallet reseller reported multiple similar incidents in April, hinting that this might be a widespread, full-blown operation, rather than just a few catfishes.

The skinny? Legit companies don't ask for your seed phrases. Period. So, whether it's email, phone calls, or physical mail, keep your secrets to yourself and stay safe!

Savvy Moves Against Phishing Scams

  1. Check the Source: Question any letters or emails that claim to be from Ledger. Legit Ledger comms won't give you the third degree about your recovery seed phrase. Watch out for misspelled names, funny business with addresses (e.g., "legder" or "lecgder"), and other red flags that could hint at a scam.[1][4]
  2. Keep Your Recovery Phrase Safe: The last thing you wanna do is share your 24-word recovery phrase. Ledger advises against it, plain and simple.[4]
  3. Beware of Urgent Messages: Scammers love deadline drama. They'll claim that if you don't comply, your access to your wallet will dry up. Remain skeptical and verify the legitimacy of the communication.[3][4]
  4. Connect Directly with Ledger Support: If you're having trouble, contact Ledger Support. Don't engage with self-proclaimed reps unless you've confirmed their identity through official channels.[4]
  5. Monitor for Physical Device Tampering: Never accept a physical device without double-checking for tinkering or funkiness. Stick to trusted sources![3]
  6. Stay Informed: Stay in the know by following Ledger's official social media accounts and updates on security issues.[5]

To sum it all up, crypto users can minimize their chances of being conned by staying sharp, following these precautions, and keeping their eyes peeled for suspicious behaviors.

  1. The recent scam targeting Ledger hardware wallet owners through physical letters highlights the need for cybersecurity vigilance in the cryptocurrency industry, underscoring the importance of fintech technology in mitigating such threats.
  2. In light of the scam, concerns about data breaches from previous years have resurfaced, as hackers use stolen information to carry out fraudulent activities, such as the 2021 incident involving fake Ledger devices contaminated with malware.
  3. With phishing scams becoming increasingly sophisticated, Companies like Ledger should expand their security warnings to include potential physical mail threats, emphasizing the crucial role of cybersecurity in fostering a secure fintech landscape.

Read also:

    Related

    Latest