Fraudulent Mail Campaign Targets Ledger Hardware Wallet Owners
Ledger hardware wallet users are being targeted in a sophisticated scam campaign involving physical letters sent through the mail — urging recipients to enter their 24-word recovery phrases under the guise of a “critical security update.”
The phishing attempt came to light after tech commentator Jacob Canfield shared an image of one such letter in an April 29 post on X (formerly Twitter). The letter appeared professionally crafted, complete with the Ledger logo, corporate address, and a reference number, in an effort to impersonate official communication from the crypto hardware wallet maker.
Seed Phrase Theft Disguised as Device Validation
The letter falsely claims that a “mandatory validation” is required for security purposes and instructs recipients to scan a QR code that leads to a fake website where users are prompted to enter their wallet’s seed phrase.
“Failure to complete this mandatory validation process may result in restricted access to your wallet and funds,” the letter warns.
Breaking: New scam meta launched. Now they’re sending physical letters to the @Ledger addresses database leak requesting an ‘upgrade’ due to a security risk.
Be very cautious and warn any friends or family that you know is in crypto and is not that savvy. pic.twitter.com/XoUAGQBJXt
— Jacob Canfield (@JacobCanfield) April 28, 2025
Seed phrases, also known as recovery phrases, are a critical part of cryptocurrency wallet security. Anyone with access to a user’s 24-word phrase can fully control the wallet and transfer its contents — making it the ultimate target for scammers.
Ledger Responds: “Never Share Your Seed Phrase”
In response to Canfield’s warning, Ledger confirmed the letters are fraudulent, urging users to ignore all requests for their recovery phrases, regardless of how official the communication may seem.
“Ledger will never call, DM, or ask for your 24-word recovery phrase,” the company reiterated in an official post.
“Please don’t engage with accounts claiming to be Ledger employees or anyone offering to help recover funds.”
Ledger also reminded users to remain alert for phishing attempts and to verify communications only through official channels.
Possible Link to 2020 Data Breach
Canfield speculated that the letters may be targeting users whose personal data was exposed in Ledger’s 2020 data breach, when a hacker leaked the names, phone numbers, and home addresses of over 270,000 customers.
This isn’t the first time scammers have exploited the breach. In 2021, several users reported receiving fake Ledger devices in the mail, which had been tampered with to install malware and steal private keys upon use, according to cybersecurity outlet Bleeping Computer.
Final Thoughts: A New Frontier in Phishing — the Mailbox
While phishing attacks are common in the digital world, this campaign represents a dangerous escalation into real-world social engineering, using the postal system to instill a false sense of legitimacy.
Crypto users — especially hardware wallet holders — should remain extremely cautious and never share their recovery phrases with anyone under any circumstances. If something feels off, it probably is.
This incident underscores the ongoing risks posed by historical data leaks, and the need for hardware wallet users to remain vigilant — not just online, but offline as well.
