Ledger hardware wallet's users targeted by mail, reportedly exploiting data leaked in 2020 breach

Scammers are sending physical letters to Ledger hardware wallet users, impersonating the company in an effort to steal wallet seed phrases — a phishing scheme that may be linked to Ledger’s 2020 data breach.

In a recent post on X, Jacob Canfield shared a photo of one such fraudulent letter. The letter, which arrived by mail, was made to look official with Ledger branding, business address, and a unique reference number. It asked the recipient to scan a QR code and input their wallet’s 24-word recovery phrase, claiming it was required for a “critical security update.” It also stated that failure to complete the “mandatory validation process” could lead to restricted access to the user’s crypto funds.

Responding to Canfield’s post, Ledger reminded users that “Ledger will never ask for your 24-word recovery phrase. If someone does, it’s a scam.”

Canfield speculated that this scam letter may be tied to Ledger’s notorious data breach from July 2020. In that incident, a hacker exploited an inactive API key to access portions of Ledger’s e-commerce and marketing database. The breach resulted in the exposure of approximately one million customer email addresses, along with other personal details such as names, phone numbers, shipping addresses, and information about purchased products.

While it’s unknown whether Canfield’s letter is tied to the 2020 Ledger breach, cybersecurity outlet BleepingComputer previously reported that data from the breach had been used in various crypto phishing campaigns involving fake emails, counterfeit hardware wallets, and scam websites.