Crypto Fraud Goes Postal: Ledger Customers Hit By Seed Phrase Scam

Thieves have opened a new front against cryptocurrency users with fake letters delivered by regular postal mail targeting owners of Ledger hardware wallets.

The letters misleadingly tell recipients they need to confirm their private seed phrases for a “critical security update,” according to reports posted on social media site X on April 29.

Physical Letters Impersonate Official Communications

Tech pundit Jacob Canfield uncovered the scam when he received such a letter to his home address. The scammers use Ledger’s official logo and business address, and also a reference number to make it look legitimate. It tells the recipients to scan a QR code and input their wallet’s private recovery phrase, stating that this will authenticate their device.

The letter uses pressure measures, threatening that “failure to complete this required validation process may lead to limited access to your wallet and funds.”

Security professionals caution that anyone who does this would be essentially surrendering total control of their cryptocurrency assets to cybercriminals.

Breaking: New scam meta launched. Now they’re sending physical letters to the @Ledger addresses database leak requesting an ‘upgrade’ due to a security risk.

Be very cautious and warn any friends or family that you know is in crypto and is not that savvy. pic.twitter.com/XoUAGQBJXt

— Jacob Canfield (@JacobCanfield) April 28, 2025

Recovery Phrases: Keys To Crypto Kingdoms

A seed phrase or recovery phrase is a list of up to 24 words that is the master key to a cryptocurrency wallet. Whoever comes into possession of this phrase has complete control of the corresponding wallet and is able to send all the funds to other wallets. These phrases are incredibly valuable for a target of scammers because of it.

The hardware wallet firm also confirmed the letters were fake. Ledger issued the following statement after Canfield’s post:

The firm also warned customers against interacting with accounts purporting to be Ledger staff or anyone that provides assistance with fund recovery.

The mail scam can be linked to a significant security hack that occurred close to five years back. Hackers in July 2020 compromised Ledger’s database and revealed the personal details of over 270,000 clients.

This is not the first time physical mail has been used by criminals to target users of cryptocurrency. In a 2021 Bleeping Computer report, several Ledger users reported receiving fake Ledger devices in the mail. Those fake devices were programmed to drop malware when plugged into a computer.

The stolen data comprised names, phone numbers, and residence addresses – data through which this mail scam would be feasible.

Canfield made this link in his social media announcement, pointing out that scammers seem to be targeting Ledger users whose information was hacked in that breach.

The most recent mail scam is a development in strategy, a mix of conventional mail fraud with cryptocurrency theft strategies.

Security researchers recommend that the owners of hardware wallets keep in mind that any legitimate firm will never request recovery phrases under any circumstances, even if a message appears to be official.

Featured image from Joint Base San Antonio, chart from TradingView