Ledger Users Targeted by Physical Phishing Scam

The crypto community has recently encountered a new and alarming form of scam that targets users through physical letters, rather than digital means. This scam involves sending fake letters to Ledger users, claiming that a critical security upgrade is necessary. The letters, which appear legitimate with Ledger branding and logos, instruct users to scan a QR code that leads to a phishing website. Once on the site, users are prompted to enter their 24-word seed phrase, which grants access to their crypto wallets. This method exploits the trust and fear of users, making it particularly effective.

This scam originated from a data breach of Ledger in 2020, where thousands of users' personal information, including addresses, was publicly revealed. Scammers are now using this information to send realistic-looking letters that appear to come directly from Ledger. The letters are printed on high-quality paper and include a QR code that directs users to a phishing site. Users are then convinced to enter their seed phrase, believing they are upgrading their security, when in reality, they are handing over their funds to the scammers.

Crypto safety extends beyond just passwords. Users should avoid scanning sketchy QR codes, clicking unknown links, or rushing into actions that feel urgent. It is crucial to pause, check, and stay secure. This scam is particularly dangerous because it preys on trust and fear. Physical letters carry more authority and urgency, especially when branded and worded professionally. The inclusion of a QR code makes it feel modern and secure, but it is anything but. Moreover, those who received this letter were specifically targeted from the Ledger addresses database leak, making the scam feel personalized and legitimate.

To identify and avoid this scam, users should be aware that Ledger will never ask for their 24-word recovery phrase via email, SMS, or physical mail. Other signs of a scam include urgent action demands, threatening language, QR codes or links to unfamiliar websites, requests to verify wallets or enter seed phrases, and typos or formatting issues in the letter. If a user receives such a letter, they should not scan the QR code or enter any private details. Instead, they should report it to Ledger support and discard the mail immediately.

Ask Aime: "Should I believe Ledger's security update scam?"

This scam is particularly dangerous for less tech-savvy crypto holders who may have invested in hardware wallets for security but are not familiar with phishing tactics. Early adopters of hardware wallets like Ledger are often long-term holders with significant assets, making them prime targets for a seed phrase scam. This threat is not just about individual loss; it is about community protection. The more people who are educated about this threat, the fewer wallets will be drained.

Ledger has officially acknowledged the issue and confirmed that these letters are not from them. They have posted warnings on their website and social media channels, urging users to stay cautious. The company has also reminded users that their recovery phrase should never be shared with anyone, not even Ledger staff. Ledger is working on stronger user education efforts and has reportedly informed law enforcement about this physical scam wave. However, since the breach already exposed user addresses, there is no telling how many more letters could go out. That is why vigilance is the first line of defense.

This new evolution in phishing attacks marks a troubling development in crypto security threats and seed phrase scams. The Ledger phishing scam shows that criminals are willing to go the extra mile to steal crypto. If a user has received any suspicious physical mail from Ledger, they should not panic but also not engage with it. They should do their research, contact Ledger support, and most importantly, warn their network. Crypto may be digital, but this scam proves that threats can be very real and physical. The fight for security is no longer just online; it is at the doorstep.