TL;DR
- Ledger users have reported receiving fraudulent physical letters posing as official correspondence, requesting their 24-word recovery phrase via a QR code.
- The scam may be linked to the 2020 data breach that exposed the personal information of over 270,000 Ledger customers.
- While cyber threats evolve, this incident proves that traditional methods still pose serious risks in the crypto space.
The crypto world is facing an unusual but dangerous threat: old-school mail fraud. Several users of Ledger have reported receiving fake letters that closely mimic official communications from the company. These letters, complete with Ledger logos, reference numbers, and real-looking return addresses, urge recipients to carry out a so-called “critical security update.” The included QR code directs to a phishing site that asks for the user’s 24-word recovery phrase, a request that, if fulfilled, hands full control of the wallet to scammers.
The alarm was raised on April 29 when tech analyst Jacob Canfield shared a photo of the letter he received at his home on the social platform X. Ledger swiftly responded to his post, confirming the letter was part of a fraudulent campaign and reiterating that the company will never ask for users’ seed phrases. Ledger also warned users to ignore any unsolicited communication, whether digital or physical, that asks for sensitive information.
Lingering Effects of the 2020 Data Breach
This scam appears to be a continuation of fallout from the massive 2020 Ledger data breach, where personal information of hundreds of thousands of users, including names, emails, and home addresses, was leaked online. Since then, victims have been repeatedly targeted in various phishing attempts, including a wave of counterfeit Ledger devices sent by mail. The current scheme demonstrates just how long the impact of a data leak can haunt users in the crypto space.
The use of physical letters shows a strategic shift from cybercriminals, who are now leaning on real-world visuals and brand familiarity to bypass typical digital safeguards. In response, the crypto community has taken a proactive stance, sharing examples and warnings to help prevent more users from falling victim to these schemes.
Global Spike in Scams Underscores Importance of Informed Self-Custody
The first quarter of 2025 has been brutal for crypto security: losses exceeded $1.6 billion across 39 incidents, according to blockchain security firm Immunefi. While the largest hits came from centralized exchanges like Bybit and Phemex, phishing attacks like the Ledger letter scam are on the rise. Even users of Coinbase and Gemini recently reported receiving sophisticated fake emails disguised as legal notices tied to class action lawsuits.
Despite these attacks, the community continues to embrace self-custody as a tool for financial empowerment. But with power comes responsibility: never sharing the seed phrase and staying informed are the keys to avoiding the trap.
