
Ledger Leak Victims Hit by Physical Mail Scam



A new phishing scam is targeting digital asset holders with Ledger hardware wallets—and it’s an old-school but effective method: physical mail.

Users are reporting receiving letters in the mail that appear to be from Ledger, the popular hardware wallet provider.

The letters claim to be from the company’s security team and ask users to perform a “critical security update” by scanning a QR code and entering their 24-word recovery phrase.

Ledger Wallet’s team and cybersecurity experts say this is obviously a scam—and a bad one.

“Ledger will never ask for your 24-word recovery phrase. If someone does, it’s a scam,” the company said in response to the scam reports.

The letters look like official Ledger Wallet correspondence. They carry the company’s logo, business address and even a reference number to look legit.

Recipients are told the update is “mandatory” and that if they don’t comply, access to their wallets will become “restricted”.

The goal is simple: get users to hand over their seed phrases – an action that gives the attackers full control of the victims’ entire digital asset stash.

The scam was first reported by tech analyst and trader Jacob Canfield, who shared an image of the letter he received at his home on April 29, 2025.


“Scammers are sending physical letters to the @Ledger addresses database leak requesting an ‘upgrade’ due to a security risk,” Canfield wrote on X (formerly Twitter).

The scam appears to be linked to a 2020 data breach that exposed the personal info of over 270,000 Ledger customers, including names, phone numbers, email addresses and home addresses.

Although the breach happened nearly 5 years ago, the stolen info has continued to fuel phishing attacks.

This isn’t the first time scammers have used physical mail to exploit the breach. In 2021, some Ledger users received tampered hardware wallets in the mail that installed malware on their computers.

Ledger acknowledged the issue and warned users to be careful.

“Scammers impersonating Ledger and Ledger representatives are unfortunately common,” the company posted. “Stay cautious and keep your crypto safe.”


What’s most concerning about this phishing attempt is how real it feels. Using real names and addresses—likely from the 2020 breach—the scammers can send letters that look official and urgent.

These letters are especially risky for non-techy users, including older people, who might trust a physical letter more than an email or social media message.


A seed phrase, also known as a recovery phrase, is the most sensitive piece of information tied to a bitcoin wallet. If someone gets their hands on it, they can take full control of the wallet and drain all the funds.

Ledger has put out several public notices that it never asks for your seed phrase, whether by email, phone call, direct message or physical mail.

Some community members are suggesting that Ledger revise the standard security alerts to specifically mention physical letters as a phishing method.


