Ledger Users Hit by Brazen Physical Phishing Scam—Attackers Now Snail-Mailing for Seed Phrases

Hardware wallet owners beware: Scammers have escalated from digital cons to old-school postal fraud. Victims report receiving authentic-looking letters impersonating Ledger—complete with ominous ’security breach’ warnings—demanding their 24-word recovery phrases.

Why it matters: Even air-gapped crypto isn’t safe when attackers go analog. This hybrid exploit bypasses firewalls by targeting human psychology at the mailbox.

The irony? Banks still insist crypto is the risky asset class—while their customers get phished via SMS like it’s 2009.

Canfield shares a scam letter from ‘Ledger’ requesting a QR scan

Breaking: New scam Meta launched. Now they’re sending physical letters to the @Ledger addresses database leak requesting an ‘upgrade’ due to a security risk.

Be very cautious and warn any friends or family that you know is in crypto and is not that savvy. pic.twitter.com/XoUAGQBJXt

— Jacob Canfield (@JacobCanfield) April 28, 2025

Ledger hardware wallet users have received ‘phishing’ letters posing as official correspondence, claiming an ‘urgent security update’ and asking users to scan a QR code–and follow on-screen instructions. Users were also asked to provide their 24-word private recovery phrase to steal control of their wallets. The company officially responded by calling the letters ‘a scam’ and stressed that the company will never request recovery phrases.

Tech commentator Canfield, on April 29th, shared a scam letter sent to his home via post that appeared to be from Ledger. The letter, which used the firm’s official logo, business address, and a reference number to feign legitimacy, claimed that he needed to immediately perform a ‘critical security update’ on his device. It also requested Canfield to scan a QR code and enter his wallet’s private recovery phrase to ‘validate his devices.’

“Be very cautious and warn any friends or family that you know is in crypto and is not that savvy.”

–Jacob Canfield 

Ledger said scammers impersonating the company and its representatives were ‘unfortunately common.’ The cold wallet firm also acknowledged that while it actively reported and blocked scammers, controlling what accounts—real or bots—chose to say in their emails, phone calls, bios, or usernames on X was impossible, adding that this remained an ongoing challenge across all platforms.

Ledger asks its customers to ‘stay vigilant’ against phishing attempts

Ledger officially recognized Mr. Canfield’s efforts to warn others and reminded its customers to stay vigilant against phishing attempts. Ledger reminded its users that it would never call, DM, or ask for any user’s 24-word recovery phrase, and anyone who did would be a scammer. However, Canfield noted that the company might need to update its warning to include letters alongside DMs and calls. 

The firm also claimed it designed its technology to keep its users’ crypto and private keys safe, regardless of external incidents. Ledger announced that its devices were purpose-built to keep digital assets secure and entirely under the control of the owners, always. It added that it updated its systems frequently to meet the highest security standards in an increasingly interconnected world. 

The hardware wallet provider finally asked owners of its devices not to engage with accounts claiming to be employees of the company or anyone offering to help recover funds.

Cryptopolitan Academy: Tired of market swings? Learn how DeFi can help you build steady passive income. Register Now