Ledger Users Targeted by Sophisticated Phishing Scam via Physical Letters

Scammers are targeting Ledger wallet users with a sophisticated phishing campaign involving fraudulent physical letters posing as official company correspondence. The deceptive letters misuse Ledger’s branding, logo, and official address, urging users to provide their 24-word recovery phrases under the pretext of a “critical security update.” The letters threaten to restrict wallet access if the instructions are not followed.

Trader Jacob Canfield exposed the scam via a post on the X platform, highlighting the letter’s alarming authenticity. The letter instructed recipients to scan a QR code to enter their recovery phrases. The letter falsely claimed that doing this would ensure continued access to the wallet, adding a sense of urgency to the scam. “Failure to complete this mandatory validation process may result in restricted access to your wallet and funds. This security measure is imperative to safeguarding the integrity of our platform and protecting user assets,” the fraudulent letter read.

According to Canfield, this scam likely leverages a major data breach Ledger experienced in July 2020. Hackers leaked the personal information of approximately 272,000 users, including names, phone numbers, and postal addresses. This stolen data appears to have enabled scammers to target Ledger users with personalized physical letters, enhancing the perceived legitimacy of the phishing attempt.

Notably, Ledger issued an official response, confirming the letter as a scam. The post emphasized that the company never requests recovery phrases through phone calls, messages, or other mediums. “Always remember: Ledger will never call, DM, or ask for your 24-word recovery phrase. If someone does, it’s a scam. Stay cautious and keep your crypto safe,” the statement read. The company urged users to remain vigilant against phishing attempts. Ledger also assured users that its hardware wallets and funds remain secure, as the devices are designed to keep private keys isolated from vulnerabilities.

The shift to physical mail represents a concerning evolution in crypto scams, which have historically relied on digital channels like email or SMS. Canfield highlighted the potential impact on less tech-savvy individuals, particularly elderly users, who may be more vulnerable to such tactics. He requested that Ledger proactively notify its customers through official channels to prevent further exploitation.

This latest scam adds to a long list of fraudulent schemes targeting cryptocurrency users. Recently, an SMS phishing scam targeted several Binance users. In addition, fake emails were sent to Gemini users. The email instructed them to withdraw funds to an Exodus wallet. It falsely claimed that Gemini had filed for bankruptcy and even provided a seed phrase. This was an attempt to trick users into compromising their wallets.

In summary, the new Ledger phishing scam uses fake letters to steal recovery phrases, exploiting a data breach from 2020. The scam's sophistication and use of physical mail pose a significant threat, particularly to less tech-savvy users. Ledger has confirmed the scam and urged users to remain vigilant. The evolution of crypto scams from digital to physical channels underscores the need for heightened security awareness among users.