The prominent crypto hardware wallet manufacturer, Ledger, has confirmed that scammers are attempting to steal recovery phrases from users through fake letters sent to their physical addresses. These fraudulent letters, bearing the official company logo, falsely claim a “mandatory security update” to deceive users into surrendering their sensitive information.
Users Tricked with Fake Letters
Cryptocurrency influencer Jacob Canfield exposed this new scam method via a post. The photos he shared depict a letter featuring the Ledger logo, instructing users to perform a “mandatory wallet verification.” To complete this, users are asked to scan a QR code, subsequently entering their recovery phrase.
The letter contains threatening language, such as warnings of restricted access to wallets and funds if the verification is not completed. This is designed to induce panic, prompting users to share their confidential details.
Ledger has made it clear that these letters do not have any association with them. The company stated, “It is not possible for Ledger or its representatives to call, message, or request your 24-word recovery phrase. Anyone doing so is undoubtedly a scammer.”
Are Leaked Data Being Reused?
According to Canfield’s claims, scammers acquired users’ physical addresses from an earlier data breach to send these letters. In July 2020, Ledger was a victim of a major data breach, exposing email addresses, phone numbers, and address information of over 273,000 users.
By the end of that year, these details had been freely circulated on dark web forums. Since then, many users have fallen victim to various scams. However, Ledger did not directly address Canfield’s allegations about how the addresses were obtained.
Besides physical letters, Ledger users had also been targeted via fake emails and social media accounts. Scammers impersonating company representatives directed users to malicious links.
Fraud Techniques Becoming More Sophisticated
According to blockchain analysis firm Chainalysis’s 2024 report, the revenue from fraudulent activities has reached approximately $12.4 billion. This figure highlights how scamming methods are becoming increasingly organized and convincing each year.
The use of physical letters marks a new level of sophistication in scam attempts. Due to widespread online warnings and increased digital security awareness, scammers seem to be reverting to less conspicuous, old-school methods.
Experts emphasize that crypto wallet recovery phrases should never be shared online or with third parties. It is essential for users to maintain security to prevent user errors that could jeopardize the high-level security provided by hardware wallets.