- Scammers have mailed fraudulent letters to Ledger hardware wallet users, requesting their 24-word recovery phrases
- These letters impersonate Ledger, citing a “critical security update” and urging users to scan a QR code
- The scam appears to exploit data from Ledger’s 2020 breach, which exposed over 270,000 customer addresses
Scammers are sending physical letters to Ledger hardware wallet owners, posing as the company and requesting sensitive recovery phrases under the guise of a security update. These letters, which mimic official Ledger correspondence, direct recipients to scan a QR code leading to a fraudulent site. The campaign seems to leverage data from a 2020 Ledger breach that leaked extensive customer information.
Letters Try to Scam You
Ever since the mammoth Ledger data breach of 2020, victims have been on the receiving end of everything from phishing emails to tampered Ledger wallets sent by scammers trying to steal their funds. Those scammers have now turned to letters that appear to come from Ledger’s “Security and Compliance” team, warning of a “critical security update” and instructing users to scan a QR code. The code leads to a site that solicits their 24-word recovery phrase, the master key to their crypto assets.
Jacob Canfield, a tech commentator, shared an image of such a letter he received, cautioning others:
“Breaking: New scam meta launched. Now they’re sending physical letters to the @Ledger addresses database leak requesting an ‘upgrade’ due to a security risk. Be very cautious and warn any friends or family that you know is in crypto and is not that savvy.” — Jacob Canfield (@JacobCanfield), April 28, 2025 (https://twitter.com/JacobCanfield/status/1916977850344694024)
Ledger has confirmed that these letters are fraudulent and emphasized that it will never ask for users’ recovery phrases, stating, “Ledger will never call, DM, or ask for your 24-word recovery phrase. If someone does, it’s a scam.”
Connection to the 2020 Data Breach
The mailing addresses used in this scam are believed to originate from a 2020 data breach, where Ledger’s e-commerce and marketing database was compromised. This breach exposed personal information of approximately 270,000 customers, including names, phone numbers, and physical addresses. The leaked data has since been circulated on forums, providing scammers with the means to execute targeted attacks.
To protect against such scams, Ledger advises users to:
- Never share your 24-word recovery phrase with anyone, including Ledger staff
- Only use official Ledger channels for communication and software downloads
- Be skeptical of unsolicited messages or letters requesting sensitive information
If you receive a suspicious letter or message, report it to Ledger and avoid interacting with the content. Staying informed and cautious is key to protecting your digital assets.
