Scammers are sending fake letters through the mail to Ledger crypto wallet holders asking them to confirm their recovery phrases. If someone falls for it and shares that information, the scammers can steal all the crypto stored in the wallet. On Apr. 29, tech expert Jacob Canfield posted on X about a scam letter he received in the mail.
The letter looked like it was from Ledger warning that he needed to urgently perform a “critical security update” on his device. The email, made to look official with Ledger’s logo, address, and even a fake reference number, tries to trick people into scanning a QR code and entering their wallet’s private recovery phrase.
It claims this is essential to “verify” the device, but it’s actually a scam. The letter threatens:
Failure to complete this mandatory validation process may result in restricted access to your wallet and funds.
Fake letters target Ledger wallet users
A seed phrase or recovery phrase is a list of up to 24 simple words that work like a master key to your crypto wallet. If someone else gets hold of it, they can fully access your wallet and transfer the funds wherever they want.
Earlier this month, a crypto hardware wallet reseller posted on X, saying it had also received several reports of Ledger users receiving the same letter.
In reply to Canfield’s post, Ledger called the letter a scam and warned its device users to be on the lookout for phishing attempts. Canfield mentioned that scammers have been sending letters to Ledger customers whose information was exposed in a data breach almost five years ago.
In July. 2020, a hacker gained access to Ledger’s database and leaked the personal details of over 270,000 customers online, including names, phone numbers, and home addresses. The next year, multiple Ledger users reported receiving counterfeit devices in the mail.
Bleeping Computer reported that scammers altered these fake devices to install malware when plugged in.
