Ledger users are targeted by a new scam involving fraudulent letters demanding seed phrases. These letters mimic official communications and contain threatening messages about account deactivation. Linked to a 2020 data breach, the scam aims to exploit affected users’ personal information.
Users of Ledger’s cryptocurrency hardware wallets are now facing a troubling new threat. Scammers are sending out fake physical letters that closely resemble official communications from Ledger, demanding users confirm their seed phrases. These letters sport Ledger’s logo and business address, using alarming language about potential account deactivation to compel recipients to comply.
Recent incidents highlight how real these scams look. Tech commentator Jacob Canfield recently reported receiving one such letter in his mailbox. At first glance, it appeared to be a legitimate communication from Ledger, insisting that Canfield validate his device. The scam letter urged him to scan a QR code and enter his private recovery phrase to avoid losing wallet access, effectively trapping unwary users.
A seed or recovery phrase typically consists of a series of words—often up to 24—that grant access to a crypto wallet. If a scammer obtains this phrase, they can swiftly take control of funds housed within that wallet. Reacting quickly, Ledger confirmed on Canfield’s post that the letter he received was indeed part of a phishing attempt, advising users to remain vigilant against these scams.
Canfield also raised a concerning point about a potential link to a data security breach that Ledger experienced back in 2020. Ledger publicly acknowledged that hackers had illicitly accessed its database and released sensitive personal data of over 270,000 customers; this dossier included home addresses and phone numbers.
Since the breach, Canfield noted that many of those affected have reportedly been inundated with these fraudulent letters. A year after the data leak, a report from Bleeping Computer surfaced, indicating users had received Ledger devices unsolicited, raising concerns over possible malware embedded in these items. The devices were allegedly modified, triggering harmful applications upon activation.
This chain of events not only highlights the ever-evolving tactics of scammers but also serves as a stark reminder of the need for users to maintain their awareness regarding crypto security. Ledger’s guidance reinforces this imperative, underlining the importance of protecting personal information and identifying legitimate communications. Failing to do so can lead to devastating financial losses for unsuspecting victims.
