Ledger Users Targeted by Physical Mail Seed Phrase Scam

Key Takeaways

View live Bitcoin price prediction models.

charts.bitbo.io/predictions

A new phishing scam has emerged targeting users of Ledger hardware wallets, this time using physical mail to exploit personal information leaked in a 2020 data breach.

Victims are receiving official-looking letters claiming to be from Ledger’s security team, warning of a “mandatory security update.”

Scam tactics & warnings

The letters instruct recipients to scan a QR code and enter their 24-word seed phrase — a move that would hand over full control of their wallets to scammers.

Ledger has reiterated that it never asks users to share recovery phrases under any circumstances.

Ledger stated in response to reports:

Ledger will never ask for your 24-word recovery phrase. If someone does, it’s a scam.

Initial reports & historical context

The scam was first reported on April 29 by tech analyst Jacob Canfield, who received one of the fraudulent letters at his home.

Canfield posted on X:

Scammers are sending physical letters to the @Ledger addresses database leak requesting an ‘upgrade’ due to a security risk.

Breaking: New scam meta launched. Now they’re sending physical letters to the @Ledger addresses database leak requesting an ‘upgrade’ due to a security risk.

Be very cautious and warn any friends or family that you know is in crypto and is not that savvy. pic.twitter.com/XoUAGQBJXt

— Jacob Canfield (@JacobCanfield) April 28, 2025

This phishing attempt exploits the Ledger data breach from 2020, in which over 270,000 users had their names, phone numbers, email addresses, and home addresses leaked.

While digital phishing attempts have been ongoing for years, this latest wave revives a previous tactic used in 2021, where scammers mailed tampered Ledger devices.

Ledger’s response & user advisory

Ledger has issued new warnings, urging users to remain vigilant and to ignore all unsolicited requests for recovery phrases, no matter how official they appear.