TLDR
Scammers are sending physical letters to Ledger hardware wallet owners requesting their seed phrases
The letters claim to be from Ledger and mention a “critical security update” requiring validation
The scam may be connected to a 2020 data breach that exposed personal information of 270,000 Ledger customers
Ledger confirmed these letters are fraudulent and warned users never to share recovery phrases
Similar physical scams have previously targeted Ledger users, including tampered devices sent by mail in 2021
A new phishing scam targeting cryptocurrency holders has emerged, with scammers sending physical letters to owners of Ledger hardware wallets in an attempt to steal their funds. The letters, which appear to be from Ledger, ask users to validate their private seed phrases for a supposed “critical security update.”
Tech commentator Jacob Canfield exposed the scam on April 29, 2025, when he shared images of a letter he received at his home address. The fraudulent document uses Ledger’s logo and business address to appear legitimate.
The scam letter instructs recipients to scan a QR code and enter their wallet’s private recovery phrase. It warns that “failure to complete this mandatory validation process may result in restricted access to your wallet and funds.”
Ledger quickly responded to Canfield’s post, confirming that the letter is a scam. The company reminded users that they will “never call, DM, or ask for your 24-word recovery phrase. If someone does, it’s a scam.”
Breaking: New scam meta launched. Now they’re sending physical letters to the @Ledger addresses database leak requesting an ‘upgrade’ due to a security risk.
Be very cautious and warn any friends or family that you know is in crypto and is not that savvy. pic.twitter.com/XoUAGQBJXt
— Jacob Canfield (@JacobCanfield) April 28, 2025
A seed phrase, also known as a recovery phrase, is a string of up to 24 words that grants full access to a crypto wallet. Anyone who obtains this phrase can take control of the associated wallet and transfer all cryptocurrency holdings.
Connection to Past Data Breach
The scam appears to be targeting victims of a major data breach that occurred nearly five years ago. In July 2020, hackers breached Ledger’s database and exposed the personal information of more than 270,000 customers, including names, phone numbers, and home addresses.
This isn’t the first time scammers have used this leaked information for physical attacks. In 2021, some Ledger users reported receiving fake Ledger devices in the mail that were tampered with and designed to install malware when connected to a computer.
Canfield suggested that Ledger might need to update their standard security warning to include letters alongside direct messages and calls, given this new approach by scammers.
The cryptocurrency community has seen various phishing attempts targeting hardware wallet users over the years. However, physical mail represents an evolution in these attacks, potentially seeming more trustworthy to some users than digital communications.
Ledger acknowledged that “scammers impersonating Ledger and Ledger representatives are unfortunately common” in their response to the incident. The company continues to emphasize that they will never request recovery phrases under any circumstances.
A crypto hardware wallet reseller also reported multiple similar incidents earlier in April, indicating this may be a widespread campaign rather than isolated attempts.
Users of hardware wallets are advised to remember that legitimate companies will never ask for seed phrases through any communication channel – whether email, phone, direct message, or physical mail.
The latest scam serves as a reminder for crypto holders to remain vigilant against increasingly sophisticated phishing attempts that combine digital and physical approaches to appear more convincing.
The post Ledger Users Targeted by Physical Mail Scam Requesting Seed Phrases appeared first on Blockonomi.