Ledger Users Beware: Old-School Seed Phrase Mail Scam Makes a Comeback

Crypto scammers dust off their playbook—snail-mail phishing attacks now target Ledger wallet users. No fancy tech here, just envelopes and lies.

How it works: Victims receive physical letters mimicking official Ledger correspondence, demanding seed phrase ’verification.’ Classic social engineering—with a stamp.

Security teams confirm these aren’t data breaches but targeted attacks preying on newbies who still think banks are the safest place for money.

Bottom line: Your seed phrase stays offline. Unless you’re sending it to scammers via postage-paid reply envelopes—then by all means, help them retire early.

Ledger Scam Letter Mimics Official Mail With Logo and Reference Number

The professionally designed letter included Ledger’s logo, a return address, and a reference number to lend credibility.

It warned that failure to complete the “validation” could result in restricted access to the user’s funds—an intimidation tactic meant to spur action.

Ledger responded directly to Canfield’s post, confirming the letter was fraudulent and part of a phishing attempt.

“Ledger will never ask for your 24-word recovery phrase,” the company reiterated, advising users not to trust unsolicited messages or individuals claiming to be Ledger representatives.

Seed phrases, often 12 to 24 words long, are the most sensitive component of a crypto wallet. Anyone who gains access to them can take full control of a user’s assets.

Some community members suspect the scam stems from Ledger’s infamous 2020 data breach, when the personal information of over 270,000 customers—including names, emails, and home addresses—was leaked online.

You are correct, this is a scam. We appreciate your efforts to warn others. Please stay vigilant against phishing attempts. Scammers impersonating Ledger and Ledger representatives are unfortunately common. While we actively report and block scammers, we can’t control what…

That incident was followed by numerous phishing campaigns, including one in which tampered Ledger devices were mailed to victims to install malware.

The recent mail scam appears to be another tactic targeting those affected by the breach, showing how long the consequences of data leaks can linger in the crypto world.

Phishing Scam Targets Coinbase, Gemini Users

In March, several crypto users flagged sophisticated phishing scam emails, which targeted Coinbase and Gemini users with legit-looking fraudulent emails.

The mass email reportedly arrived in various user inboxes on Saturday. The scam mail pointed to a class action lawsuit against Coinbase for allegedly involving in unregistered securities, adding that the court has mandated users to convert their assets into self-custody wallets.

Further, the mail also stressed that the deadline to transfer user assets to a self-custodial wallet is April 1st, 2025.

As reported, in the first three months of 2025, the crypto ecosystem lost a whopping $1,635,933,800 across 39 incidents, according to the blockchain security platform Immunefi.

The report claimed, “Q1 2025 marks the worst quarter for hacks in the history of the crypto ecosystem.”

Most of that was the result of only two hacks of two centralized exchanges. Phemex suffered a $69.1 million loss in January, while Bybit lost $1.46 billion in February.

Subsequently, the total number of losses in the first quarter marks a 4.7x increase compared to Q1 2024. At that time, hackers and fraudsters stole $348,251,217.

Notably, experts assume that the infamous North Korean Lazarus Group is behind the two largest attacks. They stole $1.52 billion, which is 94% of total losses.