Ledger Warns Users of New Phishing Scam via Physical Mail

Ledger, a prominent manufacturer of hardware wallets, has issued a warning to its users about a new type of phishing scam that involves physical mail. This scam targets Ledger wallet owners by sending official-looking letters that bear the company's logo and business address. The letters falsely claim to be from Ledger's "Security and Compliance" team and instruct recipients to scan a QR code and enter their 24-word recovery phrase to "validate" their device. The scammers assert that this process is part of a "critical security update" and threaten that failure to complete the "mandatory validation" could result in restricted access to wallets and funds. Those who comply with the scam risk losing all funds stored on their device.

The scam was first brought to public attention by Jacob Canfield, who posted about it on X and urged readers to be cautious and warn others who may not be familiar with cryptocurrency. Ledger responded to the post, confirming that its customers were being targeted and advising users to stay vigilant against phishing attempts. The physical mail scheme leverages data from the 2020 customer address leak, where Ledger's e-commerce and marketing database was compromised due to a misconfigured third-party API. This breach exposed the personal data of approximately 270,000 customers, including names, email addresses, phone numbers, and physical mail addresses. A subsequent data dump on RaidForums contained 272,853 detailed buyer records, which scammers began freely sharing later that year.

This incident highlights the evolving tactics of cybercriminals, who are increasingly using physical mail to deceive victims. The use of official-looking letters and the threat of restricted access to funds add a layer of urgency and legitimacy to the scam, making it more convincing to unsuspecting users. Ledger's prompt response and public warning are crucial steps in mitigating the impact of this scam. However, the incident underscores the importance of user education and vigilance in protecting against such threats. Users are advised to be cautious of any unsolicited requests for sensitive information, regardless of the medium through which they are received.