Just when you thought phishing scams couldn't get more retro, crypto scammers are sliding into your... mailbox.
No, not your inbox. Your actual physical mailbox. Like it’s 1997 and they’re sending you AOL CDs.
Ledger wallet users are being targeted by a shockingly old-school yet sophisticated phishing campaign. Instead of shady emails or DMs, these scammers are mailing fake letters—yes, actual paper envelopes—with official-looking Ledger branding, urging users to scan a QR code and enter their 24-word seed phrase.
And yes, people are falling for it.
A Letter You Don’t Want to Receive
Trader and tech analyst Jacob Canfield rang the alarm bell on April 29, sharing images of a fake Ledger letter he received at home via post. The letter claimed to be about a “critical security update,” complete with the Ledger logo, business address, a reference number for good measure, and the looming threat of wallet restrictions.
Breaking: New scam meta launched. Now they’re sending physical letters to the @Ledger addresses database leak requesting an ‘upgrade’ due to a security risk.
— Jacob Canfield (@JacobCanfield) April 28, 2025
Be very cautious and warn any friends or family that you know is in crypto and is not that savvy. pic.twitter.com/XoUAGQBJXt
If that sounds legit, that’s the point.
“Failure to complete this mandatory validation process may result in restricted access to your wallet and funds,” the letter warns, feigning urgency.
“This security measure is imperative to safeguarding the integrity of our platform and protecting user assets.”
Translation: “Hand over your crypto or we’ll pretend we’re protecting you while robbing you blind.”
The letter also includes a QR code. Scan it, and you’re sent to a slick-looking phishing site, where you’re asked to plug in your 24-word recovery phrase.
And you already know what happens next.
Your Seed Phrase, Their Jackpot
For the uninitiated, that seed phrase is the holy grail of crypto access. It’s basically the password to your entire crypto wallet. Share it once, and poof—your Bitcoin, ETH, dog-themed memecoins, all vanish into some scammer's wallet faster than you can say “not your keys.”
And because this scam arrived by mail, not email, it’s hitting a demographic that might be less tech-savvy and more trusting of official-looking envelopes. Especially older investors who may not be glued to Crypto Twitter 24/7.
Canfield pointed out this very risk, urging Ledger to proactively warn its user base via email or even SMS. Because if a trader in the space almost got got, what about Grandma Hodler?
Where Did Scammers Get the Info?
You might be asking: “How the hell did they get my name and address?”
Well, surprise—this probably ties back to the infamous Ledger data breach of July 2020. That’s when hackers leaked the personal data of 272,000 users: names, phone numbers, physical home addresses, and emails. Basically everything but your wallet password (which they’re trying to get now).
So yeah, if you ever ordered a Ledger before mid-2020 and forgot about that breach, this might explain why your name is suddenly popping up in phishing campaigns with disturbingly accurate personal details.
This isn’t even the first time post-breach scammers have gone physical. In 2021, some Ledger users reported receiving actual Ledger devices in the mail—completely fake and loaded with malware. The goal? Same as today: hijack your wallet.
Ledger Responds: It Ain’t Us
Ledger quickly responded to Canfield’s post, confirming that yes, it’s a scam, and no, they’ll never ask for your recovery phrase.
“Ledger will never call, DM, or ask for your 24-word recovery phrase. If someone does, it’s a scam,” the company posted.
You are correct, this is a scam. We appreciate your efforts to warn others. Please stay vigilant against phishing attempts. Scammers impersonating Ledger and Ledger representatives are unfortunately common. While we actively report and block scammers, we can't control what…
— Ledger (@Ledger) April 29, 2025
The company also reiterated that their wallets themselves remain secure, because your seed phrase never leaves the device unless you’re reckless enough to hand it over.
But as for the mailing list? Well, that breach already happened. The toothpaste is out of the tube.
Why This Matters, It’s a Scam Evolution
Phishing usually lives online. Think sketchy DMs on Discord, fake emails pretending to be MetaMask, or spoofed SMS texts from “Binance.” But this scam’s analog approach is way more dangerous than it seems:
- It feels more official — People trust physical mail more than emails.
- It targets overlooked users — Like older investors or casual hodlers.
- It’s tailored using leaked personal data — Not just “Hi user,” but “Hi John Smith of 1234 Maple Street.”
It’s a bold move, and unfortunately, it’s working.
Phishing Is Getting Smarter
This isn’t just a Ledger problem. Recently:
- Gemini users got emails telling them to “withdraw” funds to a fake Exodus wallet.
- Binance users were hit with SMS scams asking them to log in to a phishing site.
- A reported 10 BTC loss was blamed on a phishing attack targeting a Ledger user.
These scams are ramping up in 2025, just as mainstream crypto interest is returning. Ironically, the more secure your hardware wallet is, the more scammers will attack the human layer.
HODL Team
Disclaimer: All materials on this site are for informational purposes only. None of the material should be interpreted as investment advice. Please note that despite the nature of much of the material created and hosted on this website, HODL FM is not a financial reference resource and the opinions of authors and other contributors are their own and should not be taken as financial advice. If you require advice of this sort, HODL FM strongly recommends contacting a qualified industry professional.
