Ledger Users Targeted by Sophisticated Phishing Scam

Coin World, Tuesday, Apr 29, 2025 10:04 pm ET

Scammers are targeting Ledger crypto hardware wallet owners by sending physical letters that appear to be from the company, requesting users to validate their private seed phrases. This deceptive tactic aims to gain unauthorized access to users' wallets and steal their digital assets.

On April 29, tech commentator Jacob Canfield shared a scam letter he received via post, which claimed to be from Ledger and urged him to perform a "critical security update" on his device. The letter, which included Ledger’s logo, business address, and a reference number, instructed users to scan a QR code and enter their wallet’s private recovery phrase to validate the device. It also threatened that failure to complete this process could result in restricted access to the wallet and funds.

A seed phrase, or recovery phrase, is a string of up to 24 words that unlocks access to a crypto wallet. If a scammer obtains this phrase, they can access and control the associated wallet to transfer its holdings elsewhere.

Earlier this month, a crypto hardware wallet reseller said it had received multiple reports of Ledger users being sent similar letters. In response to Canfield’s post, Ledger confirmed that the letter is a scam and cautioned its device users to stay vigilant against phishing attempts. The company emphasized that it will never call, direct message, or ask for a user's 24-word recovery phrase, and advised users not to engage with accounts claiming to be Ledger employees or offering to help recover funds.

Canfield suggested that the scammers might be targeting Ledger customers whose data was leaked nearly five years ago. In July 2020, a hacker breached Ledger’s database and exposed the personal information of over 270,000 customers, including names, phone numbers, and home addresses. The following year, several Ledger users reported receiving fake Ledger devices designed to install malware upon use.

This incident underscores the ongoing threat of phishing scams in the cryptocurrency community. Scammers are becoming increasingly sophisticated in their methods, using legitimate-looking letters and official branding to deceive users. The seed phrase is a critical piece of information that, if compromised, can result in the loss of all digital assets stored in the wallet.

Ledger has taken proactive steps to educate its users about the risks of such scams and has provided guidelines on how to protect their wallets. The company advises users to never share their seed phrases with anyone and to be cautious of any requests for this information, regardless of the source. Additionally, Ledger recommends using its official support channels for any issues or concerns, so that users are communicating with legitimate representatives of the company.

The increasing sophistication of these scams highlights the importance of vigilance in the cryptocurrency community. Users must remain cautious and informed about the latest tactics employed by scammers. By following best practices for wallet security and being aware of the signs of a potential scam, users can better protect their digital assets from theft. Ledger's proactive approach to educating its users and providing robust support channels is a crucial step in mitigating the risks associated with these fraudulent activities.