In what seems to be a newly reported development, cybercriminals are using ordinary postal mail to defraud cryptocurrency users, sending fake letters to owners of Ledger hardware wallets. Posing as a critical update, the letters mislead recipients into confirming their private seed phrases under the pretense of a security update. The first reports of the scam surfaced on the social media platform X on April 29. The strategy is a new one that blends traditional postal scams with high-tech crime in the world of cryptocurrency.
Masquerading as Offline Business Correspondence
Tech journalist Jacob Canfield is said to have discovered the scam after he received such a letter at his residence. In what appears to be an entirely separate scheme, the perpetrators reportedly reused Ledger’s business logo and address on the letter, along with a reference number, to make the communication look legitimate. The letter instructs users to scan a QR code and then enter their wallet’s recovery phrase, claiming that this procedure is needed to confirm device registration. As reported, the letter relies on fear, stating that “not completing this required validation process may restrict access to the wallet and fund.” Security experts warn that anyone who follows these steps will hand complete control of their cryptocurrency holdings to the criminals.
Recovery Phrases: Access Keys for Crypto Holdings
A recovery phrase, commonly called a seed phrase, is a list of up to 24 words. This phrase acts as a master key to a cryptocurrency wallet. Whoever holds the phrase has complete control of the associated wallet and can freely send all the funds in it to other wallets without any further permission. Because of the control it confers, the seed phrase is highly valuable and is the target most sought after by scammers trying to hijack cryptocurrency.
The hardware wallet company itself confirmed that the letters were fake and did not come from the company. Ledger made an announcement after Jacob Canfield’s post about the scam circulated on social media. Part of the firm’s statement read, “Ledger will never call, DM [direct message], or ask for your 24-word recovery phrase. It happens; it is a scam.” Ledger has also warned customers not to engage with accounts or personas that pose as Ledger employees offering help, because these are most likely designed to defraud customers.
Possible Connection to Prior Data Leak
The recent phishing attempt may be related to a major security incident that happened about five years ago. In July 2020, hackers successfully accessed Ledger’s marketing and e-commerce database. This breach reportedly exposed the personal information of more than 270,000 customers. The compromised information included extremely sensitive data such as full names, telephone numbers, and residential addresses, which could enable a targeted physical mail scam. Jacob Canfield reportedly made this assessment in his social media post revealing the scam, stating that the scammers seem to be focusing on Ledger users whose information might have been leaked during the 2020 Ledger data breach.
This is not the first case in which criminals have used physical mail to target users of cryptocurrency hardware wallets. According to a 2021 Bleeping Computer report, several Ledger users reported receiving fake Ledger devices in the mail. Those counterfeit devices allegedly carried malware programmed to load onto a computer whenever they were connected, presenting yet another physical attack vector. The most recent mail scam uses letters rather than fake devices to entice users into revealing their seed phrases. This shift is interpreted as a new strategic development combining conventional mail fraud with modern cryptoasset scam techniques. The fraudulent letters represent a sophisticated step in digital deception. Security researchers advise hardware wallet owners to remain vigilant, as scammers impersonate trusted entities and disguise their messages as security alerts, bypassing sophisticated controls and claiming, “Your attention is immediately required.”