Scammers are targeting Ledger wallet users with a sophisticated phishing campaign by sending physical mail disguised as official company correspondence.
These fraudulent letters misuse Ledger's brand, logo, and official address, requesting users to provide their 24-word recovery phrase under the pretext of an "important security update". These letters threaten to restrict wallet access if instructions are not followed.
Crypto Users Warned About Phishing Scam Involving Fake Ledger Mail
Trader Jacob Canfield exposed this scam through a post on X (formerly Twitter), highlighting the alarming authenticity of the letter.
The phishing letterdated 04/04/2025 instructs recipients to scan a QR code to enter their recovery phrase. The fake letter claims this will ensure continuous wallet access, adding urgency to the scam.
"Failure to complete this mandatory verification process may result in restricted access to your wallet and assets. This security measure is necessary to protect the platform's integrity and user assets," the fraudulent letter states.
According to Canfield, this scam likely exploits a major data breach Ledger experienced in July 2020. Hackers leaked personal information of approximately 272,000 users, including names, phone numbers, and postal addresses.
This stolen data seemingly helped scammers target Ledger users with personalized physical letters, enhancing the legitimacy of their fraud attempt.
Notably, Ledger has issued an official response, confirming the letter is a scam. The post emphasized that the company never requests recovery phrases via phone calls, messages, or other means.
"Always remember: Ledger will never call, message, or request your 24-word recovery phrase. If someone does, it's a scam. Be careful and keep your cryptocurrency safe," the statement said.
The company urges users to be vigilant against fraud attempts. Ledger also assures users that their hardware wallets and assets remain safe, as devices are designed to keep private keys separate from vulnerabilities.
Notably, the shift to physical mail represents a concerning development in cryptocurrency scams, which previously relied on digital channels like email or SMS.
Canfield emphasized the potential impact on less tech-savvy individuals, especially older users who may be more vulnerable to such tactics. He called on Ledger to proactively notify its customers through official channels to prevent further exploitation.
This latest scam adds to the long list of fraud attempts targeting cryptocurrency users. Recently, an SMS scam targeted some Binance users.
Additionally, BeInCrypto reported that fake emails were sent to Gemini users. The email instructed them to withdraw funds to an Exodus wallet. It falsely claimed Gemini had filed for bankruptcy and even provided a seed phrase. This was an attempt to trick users into compromising their wallets.
