Ledger users are receiving physical ‘phishing’ letters asking for their recovery phrases

Scammers sent physical letters to the owners of Ledger crypto hardware wallets requesting them to validate their private 24-word recovery phrases with the aim of accessing and draining their wallets. The firm responded by saying the scam was common practice but reassured its customers that the devices were secure.

Ledger crypto hardware wallet owners like tech commentator Jacob Canfield received fraudulent letters from scammers asking for validation and submission of seed phrases. The letter threatened that ‘failure to complete this mandatory validation process may result in restricted access to your wallet and funds’.

Canfield shared screenshots of the letter asking him to ‘immediately’ take care of a security update, but failure to do so would lead to the ‘disruption’ of his device, restricting access to his wallet and funds. The tech commentator suggested that scammers were sending letters to customers whose data—the personal information of over 270K customers–was leaked nearly five years ago.

Earlier this month, a crypto hardware wallet reseller said they had also received multiple reports of Ledger users receiving a similar letter. Several other users reportedly received fake devices that were tampered with and designed to install malware upon use.

Canfield shares a scam letter from ‘Ledger’ requesting a QR scan

Breaking: New scam meta launched. Now they’re sending physical letters to the @Ledger addresses database leak requesting an ‘upgrade’ due to a security risk.

Be very cautious and warn any friends or family that you know is in crypto and is not that savvy. pic.twitter.com/XoUAGQBJXt

— Jacob Canfield (@JacobCanfield) April 28, 2025

Ledger hardware wallet users have received ‘phishing’ letters posing as official correspondence, claiming an ‘urgent security update’ and asking users to scan a QR code–and follow on-screen instructions. Users were also asked to provide their 24-word private recovery phrase to steal control of their wallets. The company officially responded by calling the letters ‘a scam’ and stressed that the company will never request recovery phrases.

Tech commentator Canfield, on April 29th, shared a scam letter sent to his home via post that appeared to be from Ledger. The letter, which used the firm’s official logo, business address, and a reference number to feign legitimacy, claimed that he needed to immediately perform a ‘critical security update’ on his device. It also requested Canfield to scan a QR code and enter his wallet’s private recovery phrase to ‘validate his devices.’

“Be very cautious and warn any friends or family that you know is in crypto and is not that savvy.”

–Jacob Canfield 

Ledger said scammers impersonating the company and its representatives were ‘unfortunately common.’ The cold wallet firm also acknowledged that while it actively reported and blocked scammers, controlling what accounts—real or bots—chose to say in their emails, phone calls, bios, or usernames on X was impossible, adding that this remained an ongoing challenge across all platforms.

Ledger asks its customers to ‘stay vigilant’ against phishing attempts

Ledger officially recognized Mr. Canfield’s efforts to warn others and reminded its customers to stay vigilant against phishing attempts. Ledger reminded its users that it would never call, DM, or ask for any user’s 24-word recovery phrase, and anyone who did would be a scammer. However, Canfield noted that the company might need to update its warning to include letters alongside DMs and calls. 

The firm also claimed it designed its technology to keep its users’ crypto and private keys safe, regardless of external incidents. Ledger announced that its devices were purpose-built to keep digital assets secure and entirely under the control of the owners, always. It added that it updated its systems frequently to meet the highest security standards in an increasingly interconnected world. 

The hardware wallet provider finally asked owners of its devices not to engage with accounts claiming to be employees of the company or anyone offering to help recover funds.

Cryptopolitan Academy: Tired of market swings? Learn how DeFi can help you build steady passive income. Register Now