Scammers are mailing physical letters to the owners of Ledger crypto hardware wallets asking them to validate their private seed phrases in a bid to access the wallets to clean them out.<\/p>\n
In an April 29 X post, tech commentator Jacob Canfield shared<\/a> a scam letter<\/a> sent to his home via post that appeared to be from Ledger claiming he needed to immediately perform a \u201ccritical security update\u201d on his device.\u00a0<\/p>\n The letter, which uses Ledger\u2019s logo, business address, and a reference number to feign legitimacy, asks to scan a QR code and enter the wallet\u2019s private recovery phrase<\/a> under the guise of validating the device.<\/p>\n The letter threatens that \u201cfailure to complete this mandatory validation process may result in restricted access to your wallet and funds.\u201d<\/p>\n Source: <\/em>Jacob Canfield<\/em><\/a><\/p>\n A seed phrase, or recovery phrase, is a string of up to 24 words that unlocks access to a crypto wallet. A scammer with the phrase can access and control the associated wallet to transfer its holdings elsewhere.<\/p>\n Earlier this month, the X account of a crypto hardware wallet reseller said<\/a> it had also received multiple reports of Ledger users receiving a similar letter.<\/p>\n In response to Canfield\u2019s post, Ledger said<\/a> the letter is a scam and cautioned its device users to stay vigilant against phishing attempts<\/a>.<\/p>\n Related: <\/strong><\/em>Ledger wallet user reports 10 BTC loss \u2014 Community blames phishing<\/strong><\/em><\/a><\/p>\n \u201cLedger will never call, DM [direct message], or ask for your 24-word recovery phrase. If someone does, it’s a scam,\u201d it added.<\/p>\n \u201cPlease don’t engage with accounts claiming to be Ledger employees or anyone offering to help recover funds.\u201d<\/p>\n Canfield suggested that scammers were sending letters to Ledger customers whose data was leaked nearly five years ago.<\/p>\n In July 2020, a hacker breached Ledger\u2019s database<\/a> and dumped the personal information of more than 270,000 of its customers online, which included names, phone numbers and home addresses<\/p>\n The following year, several Ledger users claimed to have been mailed fake Ledger devices<\/a> that were tampered with and designed to install malware upon use, Bleeping Computer reported<\/a> at the time.<\/p>\nUnclear whether connected to the Ledger\u2019s data leak<\/h2>\n