Scammers are at it again, this time targeting Ledger crypto wallet users through old-school snail mail. Using data stolen from a 2020 breach, fraudsters are sending official-looking letters claiming urgent “security updates” – complete with fancy letterheads and QR codes. Their goal? Trick people into revealing their 24-word recovery phrases, fundamentally handing over the keys to their crypto kingdom. The 270,000 exposed customers from the original breach are learning that some data leaks just keep on giving.
A new wave of scammers is hitting Ledger crypto wallet users where it hurts – right in their physical mailboxes. These criminals aren’t messing around with amateur tactics. They’re leveraging data from a massive 2020 breach that exposed roughly 270,000 Ledger customers’ personal information, including their home addresses.
The scam is deliciously simple, yet maddeningly effective. Official-looking letters, complete with Ledger’s logo and business address, arrive claiming to be from the company’s “Security and Compliance” team. The kicker? They’re about as real as a three-dollar bill. These fraudsters are pulling out all the stops, using QR codes and fancy letterhead to convince users they need an urgent “security update.” Since Ledger never calls or texts users directly, these mailed communications should raise immediate red flags.
It’s all connected to that infamous 2020 data leak when Ledger’s e-commerce database got compromised. The stolen information, which included names, phone numbers, and addresses, ended up splashed across platforms like RaidForums. What started as email and phone scams has evolved into something more sophisticated – and old school. Who knew snail mail could be so devious? Victims should be aware that phishing emails often contain urgent messages and grammatical errors designed to create panic.
The scammers’ endgame is painfully obvious: they want users to scan their QR code and hand over their 24-word recovery phrase. That’s like giving someone the keys to your house, your car, and your bank account all at once. They’re creating artificial urgency, threatening restricted wallet access if users don’t comply. Classic pressure tactics, now with a crypto twist.
Ledger, the actual company, has been crystal clear about one thing: they’ll never ask for recovery phrases. Period. But these scammers are counting on confusion and panic to override common sense. The irony isn’t lost – in an age of sophisticated cyber threats, it’s good old-fashioned mail fraud that’s giving crypto users headaches.
The 2020 breach keeps on giving, proving that in the world of crypto scams, what’s old is new again.
