Reading Time: 2 minutes
- Scammers have mailed fake letters to Ledger hardware wallet users, asking for their 24-word recovery phrases
- These letters impersonate Ledger, citing a “critical security update” and urging users to scan a QR code
- The scam appears to exploit data from Ledger’s 2020 breach, which exposed over 270,000 customer addresses
Scammers are sending physical letters to Ledger hardware wallet owners, posing as the company and asking for sensitive recovery phrases under the guise of a security update. These letters, which mimic official Ledger correspondence, instruct recipients to scan a QR code leading to a fake site. The campaign appears to leverage data from a 2020 Ledger breach that leaked extensive customer data.
Letters Try and Scam You
Ever since the massive Ledger data breach of 2020, victims have been on the receiving end of everything from emails to compromised Ledger wallets from scammers looking to steal their funds. These scammers have now turned to letters that appear to be from Ledger’s “Security and Compliance” team, warning of a “critical security update” and instructing users to scan a QR code, leading to a site that solicits their 24-word recovery phrase, a master key to their crypto assets.
Jacob Canfield, a tech commentator, shared an image of the letter he received, cautioning others:
Breaking: Original scam meta launched. Now they’re sending physical letters to the @Ledger addresses database leak inquiring for an ‘upgrade’ attributable to a safety risk.
Be very cautious and warn any chums or family that is in crypto and just isn’t that savvy. pic.twitter.com/XoUAGQBJXt
— Jacob Canfield (@JacobCanfield) April 28, 2025
Ledger has confirmed that these letters are fake and emphasized that it will never ask for users’ recovery phrases, stating, “Ledger will never call, DM, or ask for your 24-word recovery phrase. If someone does, it’s a scam.”
Connection to the 2020 Data Breach
The mailing addresses used in this scam are believed to originate from a 2020 data breach, in which Ledger’s e-commerce and marketing database was compromised. This breach exposed personal data of roughly 270,000 customers, including names, phone numbers, and physical addresses. The leaked data has since been circulated on forums, providing scammers with the means to carry out targeted attacks.
To protect against such scams, Ledger advises users to:
- Never share your 24-word recovery phrase with anyone, including Ledger staff
- Only use official Ledger channels for communication and software downloads
- Be skeptical of unsolicited messages or letters asking for sensitive information
If you receive a suspicious letter or message, report it to Ledger and avoid interacting with the content. Staying informed and cautious is essential to protecting your digital assets.