New Ledger Seed Phrase Scam Targeting Cryptocurrency Users via Mail

Scammers are sending fake letters to Ledger hardware wallet users, claiming they need to verify their seed phrases for a critical security update. Tech expert Jacob Canfield revealed the scam, highlighting its urgency and potential risk of theft. Ledger confirmed the letters are not legitimate and reminded users that they won’t ask for seed phrases. This tactic may be linked to a previous data breach from 2020, highlighting the ongoing dangers in the crypto world.

As the world of cryptocurrency continues to grow, so do the threats against it. Recently, fraudsters have devised a new method, using fake letters sent through traditional postal services to target cryptocurrency users who own Ledger hardware wallets. Reports highlight that these letters, featuring official logos and addresses, falsely inform recipients that they must confirm their private seed phrases due to an urgent security update.

Tech commentator Jacob Canfield exposed this scam after receiving a deceptive letter at his home. It instructs the recipient to scan a provided QR code and enter their private recovery phrase. Unsurprisingly, this is designed to steal access to their cryptocurrency holdings. Alarmingly, the letter creates a sense of urgency, warning that failure to comply could result in limited access to wallets and funds.

Experts are emphasising how critical it is not to divulge seed phrases. Security professionals urge anyone who responds to these scams risks handing over complete control of their cryptocurrency assets to thieves. Canfield’s post on social media accurately flagged this incident, revealing that this was not just a random occurrence but a continued trend of fraudulent activity directed towards Ledger clients.

So, what exactly is a seed phrase? Simply put, a recovery phrase is a vital alphanumeric key composed of up to 24 words that gives complete access to a cryptocurrency wallet. Scammers value these phrases immensely because they grant total control over the corresponding funds.

In a response to this ongoing issue, Ledger has confirmed that it did not authorise any such correspondence. The company has been clear in its messaging: “Ledger will never call, DM, or ask for your 24-word recovery phrase. If this happens, you’re being scammed.” They caution users against engaging with any accounts claiming to represent Ledger, or offering assistance for fund recovery.

This fraudulent mailing scheme can also likely be traced back to a notorious data breach from July 2020. During this incident, Ledger’s database was hacked, compromising the personal information of over 270,000 users. The data exposed, which included names, phone numbers, and addresses, provides a basis for scammers to personalise their attacks. Interestingly, Canfield noted this connection, emphasising that these letters target individuals whose information was leaked in 2020.

It’s worth mentioning that there have been previous instances where physical mail was used in cryptocurrency scams. In 2021, reports surfaced of fake Ledger devices being sent out, which were designed to release malware when connected to a computer. The current mail scam represents an alarming evolution in fraudulent strategies, merging traditional mail fraud with cryptocurrency theft.

To sum up, the message is clear: if you own a hardware wallet, be wary. Legitimate companies, especially in this field, will never request your recovery phrase. Always stay vigilant and warn your friends and family, particularly those who may not be up to speed with the latest security threats in crypto.

Image sourced from Joint Base San Antonio, with trading insights provided by TradingView.