Ledger confirms physical scam letters requesting seed phrase in fake security upgrade
Quick Take
- Ledger confirmed that there’s a new scam sending physical letters to customers requesting their seed phrases.
- Jacob Sanfield, the trader who reported the scam on X, said the scammers were targeting addresses obtained from a database leak. Ledger did not address this claim.
Crypto hardware wallet giant Ledger confirmed that scammers are now sending physical letters to users in an attempt to steal private recovery phrases.
On Tuesday, crypto trader and influencer Jacob Canfield said on X that a new "scam meta" involves sending physical letters to users' addresses.
The images Canfield attached to his post show a letter bearing Ledger's official logo, instructing the recipient to complete a "mandatory wallet validation" for a critical security update. The letter directs recipients to scan a QR code and enter their recovery phrase.
"Failure to complete this mandatory validation process may result in restricted access to your wallet and funds," the letter said.
In response to Canfield's X post, Ledger confirmed that the physical letter is a scam.
"Scammers impersonating Ledger and Ledger representatives are unfortunately common," Ledger said. "Always remember: Ledger will never call, DM, or ask for your 24-word recovery phrase. If someone does, it's a scam."
Leaked address
Canfield claimed in his X post that customer addresses were obtained from a database leak.
Ledger announced in July 2020 a data breach that compromised customer data, where a database containing the personal details of more than 273,000 customers was freely released on a hacking forum later in the year. The database contained emails, physical addresses and phone numbers of Ledger hardware wallet buyers.
However, the company did not address in its reply how the perpetrators obtained user addresses, nor did it confirm Canfield's claim that a previous database leak was the source.
The Block has reached out to Ledger for comment regarding this matter.
Ledger crypto hardware wallet users have been targeted by scammers using various methods, such as fake emails containing phishing links and fake social media accounts impersonating Ledger employees.
According to a Chainalysis report, yearly scam revenue in 2024 was estimated at $12.4 billion, continuing to rise as crypto fraud becomes "more professionalized."
Disclaimer: The Block is an independent media outlet that delivers news, research, and data. As of November 2023, Foresight Ventures is a majority investor of The Block. Foresight Ventures invests in other companies in the crypto space. Crypto exchange Bitget is an anchor LP for Foresight Ventures. The Block continues to operate independently to deliver objective, impactful, and timely information about the crypto industry. Here are our current financial disclosures.
© 2025 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
