Crypto Scammers Go Old School: Ledger Users Hit with New Seed Phrase Mail Scam

Crypto Journalist

Amin Ayan

Crypto Journalist

Amin Ayan

About Author

Amin Ayan is a crypto journalist with over four years of experience in the industry. He has contributed to leading publications such as Cryptonews, Investing.com, 99Bitcoins, and 24/7 Wall St. He has...

Author Profile

Share

Copied

Last updated: 

April 29, 2025

Why Trust Cryptonews

Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas - from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews

Owners of Ledger hardware wallets have reported receiving fake physical letters designed to trick them into revealing their wallet seed phrases as part of a new wave of crypto scams.

On April 29, tech analyst Jacob Canfield posted a warning on X, sharing a scam letter that had arrived at his home.

Disguised as official correspondence from Ledger, the letter instructed him to perform a “critical security update” by scanning a QR code and entering his 24-word recovery phrase.

Ledger Scam Letter Mimics Official Mail With Logo and Reference Number

The professionally designed letter included Ledger’s logo, a return address, and a reference number to lend credibility.

It warned that failure to complete the “validation” could result in restricted access to the user’s funds—an intimidation tactic meant to spur action.

Ledger responded directly to Canfield’s post, confirming the letter was fraudulent and part of a phishing attempt.

“Ledger will never ask for your 24-word recovery phrase,” the company reiterated, advising users not to trust unsolicited messages or individuals claiming to be Ledger representatives.

Seed phrases, often 12 to 24 words long, are the most sensitive component of a crypto wallet. Anyone who gains access to them can take full control of a user’s assets.

Some community members suspect the scam stems from Ledger’s infamous 2020 data breach, when the personal information of over 270,000 customers—including names, emails, and home addresses—was leaked online.

That incident was followed by numerous phishing campaigns, including one in which tampered Ledger devices were mailed to victims to install malware.

The recent mail scam appears to be another tactic targeting those affected by the breach, showing how long the consequences of data leaks can linger in the crypto world.

Phishing Scam Targets Coinbase, Gemini Users

In March, several crypto users flagged sophisticated phishing scam emails, which targeted Coinbase and Gemini users with legit-looking fraudulent emails.

The mass email reportedly arrived in various user inboxes on Saturday. The scam mail pointed to a class action lawsuit against Coinbase for allegedly involving in unregistered securities, adding that the court has mandated users to convert their assets into self-custody wallets.

Further, the mail also stressed that the deadline to transfer user assets to a self-custodial wallet is April 1st, 2025.

As reported, in the first three months of 2025, the crypto ecosystem lost a whopping $1,635,933,800 across 39 incidents, according to the blockchain security platform Immunefi.

The report claimed, “Q1 2025 marks the worst quarter for hacks in the history of the crypto ecosystem.”

Most of that was the result of only two hacks of two centralized exchanges. Phemex suffered a $69.1 million loss in January, while Bybit lost $1.46 billion in February.

Subsequently, the total number of losses in the first quarter marks a 4.7x increase compared to Q1 2024. At that time, hackers and fraudsters stole $348,251,217.

Notably, experts assume that the infamous North Korean Lazarus Group is behind the two largest attacks. They stole $1.52 billion, which is 94% of total losses.