Ledger Phishing Scam: Fake Letters Demand Recovery Phrases
Scammers are employing a new tactic to steal cryptocurrency: fraudulent physical letters mimicking official Ledger communications. These letters, designed to appear legitimate, urge users to provide their 24-word recovery phrases under the guise of a critical security update, and threaten restricted wallet access if they do not comply.
Crypto Users Targeted by Physical Phishing Scam
This scam was exposed by trader Jacob Canfield on X (formerly Twitter). The letters expertly mimic Ledger's branding, logo, and official address, making them highly convincing. The alarming authenticity highlights the sophistication of this new phishing technique.
The fraudulent letters, dated April 4, 2025, instruct recipients to scan a QR code leading to a site where they are prompted to enter their recovery phrases. The letters falsely claim this action is necessary to maintain wallet access, creating a sense of urgency.
“Failure to complete this mandatory validation process may result in restricted access to your wallet and funds. This security measure is imperative to safeguarding the integrity of our platform and protecting user assets,” the fraudulent letter stated.
This scam likely exploits a 2020 data breach in which hackers leaked personal information, including addresses, of approximately 272,000 Ledger users. Access to this data allows scammers to personalize the letters, increasing their effectiveness.
Ledger has officially confirmed that the letters are fraudulent and emphasized that it would never request recovery phrases through physical mail, phone calls, or other non-official channels.
“Always remember: Ledger will never call, DM, or ask for your 24-word recovery phrase. If someone does, it’s a scam. Stay cautious and keep your crypto safe,” the company stated.
The shift from digital to physical phishing is a worrying trend. It is particularly dangerous for less tech-savvy users, including the elderly. Canfield has called on Ledger to proactively notify its users to prevent further exploitation.
Protecting Yourself from Crypto Scams
This incident underscores the importance of robust security practices. Never share your recovery phrases with anyone. Be wary of unsolicited communications, especially those demanding immediate action. Verify the authenticity of any communication directly through official channels before taking any action.
Disclaimer: This information is for educational purposes only and is not financial advice. Always conduct your own thorough research before making any decisions related to cryptocurrency.