Bitcoin Forum

Sometimes back in 2024, Ledger experienced a data breach. It was reported that about 270,000 users data was stolen, including their phone numbers, email and physical mail addresses, and now scammers are using that information to start another war of physical scams through their mailboxes.

What do they do? They sent mail to Ledger customers from the leaked information to their mailboxes for them to update/upgrade their seed phrase, and failure to do so, their services will be terminated and they won't be able to access their wallet.

One X user reported yesterday that he received a mail from a fake Ledger company to update his seed phrase with the Ledger logo as letter head and a well-composed, organised mail. The details include a QR code that asked the user to scan and update his seed phrase; otherwise, he wouldn't be able to access his wallet and funds.

https://talkimg.com/images/2025/04/30/U2rlD5.png

Source: https://x.com/JacobCanfield/status/1916977850344694024

The details of the mail letter.



There are so several data leaks of users information from the Ledger company that I don't doubt their incompetency. Stay safe, as no company that offers hardware wallet safe services will send you such mail to your house; no one will ask you for any update or upgrade. It's just scammers getting upgraded in their skills.

This has been a common scam since some years ago. It is a common phishing scam that is not limited to only Ledger Nano users. Even on this forum, we have reported many topics about a site that you will click on the link provided by the OP all to know that the site will ask for seed phrase.

Wallet users should know what seed phrase is and the reason it should not be disclosed to another person but just the person that owns it should know it and have it with him.

Lack of crypto knowledge have cost people a lot of money, even as a beginner you just have to read the rules of handling a crypto wallet and you are good to go, what good will ever come out from someone telling you to upgrade your seed phrase? How is this even possible? It makes zero sense.

I am not just surprised as there are too many people in crypto space that shouldn't be here in the first place, they lack a lot and they are not willing to learn or listen to advice, it's the same way they choose to leave their assets on centralised exchanges willingly.

Seed phrases or private keys needs no upgrade, it can't be upgraded, it's your keys to your cribs, you cant upgrade the key to your door without changing the whole mechanism.

If anyone has your key they will open your door without you knowing, they can also make duplicate, that's because they have the original.

Yeah, this one is real. Scammers are sending letters to people affected by the old Ledger data breach, acting like it's an official message from Ledger. The letter looks clean, has the logo, and even a QR code asking you to "verify" your seed phrase or risk losing access.

But here's the thing. No legit wallet company will ever ask for your seed phrase. Not online, not by mail, not in any way. If someone’s asking for it, it’s 100% a scam.

If you get one of these, toss it. If your info was in that breach and you're feeling uneasy, you could move your funds to a new wallet with a fresh seed. Also, for future orders, consider using a PO box or privacy-focused shipping option to avoid getting hit with stuff like this again.

This scam attempt is the same as sending an email to the victims. But I feel like the physical one is most dangerous. Most people won't expect physical scam mails, and they may end up trusting these scammers and fall for these phishing scams. When scammers send emails from a virtual mail address, some of them get flagged as spam and people don't even check those emails. Sometimes people post those email online and ask if it is true. But when the scammers send you a paper mail via your mailing address, most people will believe it is came from Ledger's official because there is no way scammers know their address. This is unfortunate, but we have to deal with it.

Email means electronic mail. It is different from mails which is what you are referring to and what that is discussed on this thread.

It is a common scam but just that this one is physical. Still if you understand the email, you will know that you should avoid the letter sent.

If I see the letter, I will know that it is a scam. It is more fake because I know Ledger can not send letters because they would prefer email. Also asking for seed phrase is completely what makes it a scam.

The problem there is that knowing the house of the victims is dangerous even to physical attack.

It has happened many times with Ledger hardware wallet.
https://thecharlatan.ch/List-Of-Hardware-Wallet-Hacks/

This scam is a very common scam type and it is written in Cryptocurr3ncy scam book. (https://chainsec.io/scams/) Be careful with wallet download, install and verification befkre using are recommended practice for better security and avoid Bitcoin loss.

Hardware wallets must be bought and use rightly.

Checking online with information on Ledger website after receiving the email letter will keep email receivers safe.

Yeah, I know that, but I messed up while writing it. I messed up between mail and email. 

Yeah, people who are involved in online forums are familiar with these scam attempts. But, most of the average people don't know that something like this can happen. People do not expect their physical address to be leaked from somewhere and they don't expect mails from the scammers physically.

This is scary.

Imagine your address and personal data being in the hands of scammers, resulting in phishing emails that may come in the form of physical letters, making the scam more professional than regular emails.

If I were the recipient of such a physical letter that I found in my mailbox, I would have reported it to the police so they could track down the perpetrators and stop them from deceiving more people who might scan the QR code and fall victim to the scammer's phishing trap, potentially losing their assets forever.

With such advanced types of scams, a person should not rush if he sense something suspicious is going on. He should contact the hardware wallet’s support or ask the crypto community, and they’ll surely get the correct answer.

This is really worrying and sadly not surprising after Ledger data problem in 2024. When data gets stolen problems can last for long time. Fact is that bad guys are now using stolen info to send fake letters to Ledger customers is sneaky trick. It is understandable why you do not trust Ledger much after all the data leaks. This new scam makes trust even worse and shows how important it is for companies that deal with sensitive info especially in crypto world to have really good security.
Your advice is super important real company that keeps your crypto safe will never ask you to update your secret words especially not through letter in mail. You should always keep your secret words offline and never tell anyone. This situation is big warning to everyone who uses cryptocurrency to be careful and not trust any unexpected messages online or in mail that ask for your private wallet information. You really need to stay safe because these scammers are getting better at what they do.

Ledger customers have been endlessly attacked through phishing, but this is the first time i am reading about scammers sending letters to people's physical mailboxes. I am guessing the only information available to this scammers is people's physical mailboxes, because if they had their email address, they would have just sent an email, and i think that is even more believable. Who would believe that their hardware wallet manufacturer would just randomly send them a letter, when they can quickly communicate online.

I am afraid that with the number of customers that Ledger has, there is a big chance that there will be a number of people who will fall for this scam. I hope that most, if not all, customers who have purchased their hardware wallet have already learned that there is no need for such QR codes to upgrade the security of their hardware wallets. And if there is an update that they need to do, it should come from the Ledger Live that's being used to access these HWs that they've bought. These scammers and hackers are clever in this kind of tactic. The amount of work and effort they've exerted to send email to these potential victims sure is a lot.

But isn't this dangerous in the first place? I know the address would have been provided for shipping and delivery. If they know their physical address to send  these physical mails, then they could attack them anytime they want, knowing that they would get something. The only thing stopping them is that they don’t know if it’s going to worth it.

I think people need to stop using their home addresses for things like this.

I am not surprised hearing about this, and I am sure there are many others with similar stories that never got posted online and got publicity.
As a result of poor ledger security customer personal information is available for years and scammers are going to use that periodically.
It's easier to change phone numbers (that also got leaked), but changing home address is not that easy.
This is one of the reasons why I don't like creating a bunch of accounts with my personal details.  :P 

People have this generally believe that anyone using a hardware device to store crypto must be a substantial amount and that's why scammers target such data because of what they can do with it.

So as much as you need to fill in your details when making a purchase, it's not advisable to provide your real information. Use a decoy mailing address, secondary phone number and a newly created email for the purchase instead. If paraventure there's a data breach, it won't have any harm on you.

That's why Ledger has this post as a reminder.


They never send DM, so if you receive one from your email or especially in your spam box, it might be suspicious that you are being targeted by a scammer.

I didn't have Ledger, so I didn't experience this.
My question is, if your email has been compromised by a scammer, is there a chance that you will change it?

This is more than your emails has been compromised because the house addresses of the Ledger users were also compromised. This scam attempt this time is not done through emails but done through mail 💌. I mean sending letter to the person at his home or the address the person submitted to Ledger when buying the hardware wallet.

Most of us have developed some kind of sense of suspicion that alerts us every time we get an email, SMS, notification in Telegram... but unlike in the past, when letters from Nigerian princes arrived by ordinary mail, I think that many of us keep relying in the traditional mail more than in digital communications.

Sending letters has a higher cost than email phishing or smishing, but it may make sense for scammers in exchange for a higher success rate. It also means greater exposure, probably, so I hope they make some oversight that will help catch them.

I read about this new scam yesterday when it was posted on my local board

I believe that many of us here have data leaked on the internet because we shop online, have a telephone company registration, internet provider etc, this is nothing new, but it seems quite uncomfortable to receive a letter at home knowing that it came from a data leak, I would be with this discomfort and a little insecurity to be honest

Any user with the slightest knowledge won't fall for this scam, I think it's quite difficult since perhaps the first and most pertinent warning is always: never inform your seed to anyone and we'll never ask for it

But once again the focus is on Ledger users, and even though I have a Nano S and I like it, it's hard to defend the company because the community is so angry with the many mistakes they made  >:(

That is the discovered scamming method that is currently trending and a lot of crypto users has fallen victim to the trap.

I was involved in a cryptography discussion with some friends last week when this physical mail mail tender by scammers was brought out and it was kicked against of being a scam because no crypto wallet would perch on the order of synchronizing seed phrase on the process of physical presentation of a brand of wallet.

It was argued while some said if hardware wallets can be physically presented for physical storage of seed phrase where every transactions has to be confirmed and controls on same external device as the hardware wallet for a highily enhancement of security purposes, then there is every possiblities for a wallet brand to also serve you a hardware form of facilitating a wallet seed phrase at when necessary for security and privacy concerns (just as upgrading the seed phrase as the one shared on X platform on this thread).
I am sure that is a high level of ignorants.

My question on this revalidating or upgrading of wallet seed phrase is.... What will even prompt a wallet brand to request it users for such seed phrase request? Does seed phrase do have an expiring or outdating protocol what would warrant an upgrading? Does the seed phrase has a validation timeouts? That is absolutely a... Hell NO.
Instead you can only update your wallet application while your seed phrase remains unchanged as it is tied on the wallets address.

Be it sure that a wallet brand can only advice you to be strict and extremely careful and resist whichever means any message may come to you regarding the disclosure of your seed phrase and will never ask you to play any role of signing your seed phrase in aside when the network requests for it when you are facilitating to login or process a transaction.

Why speculate when it is publicly available information that the database leak in question happened back in 2020?


It seems to me that scammers have sent letters to home addresses before, called people on their phones and sent them SMS - but this is something that has been happening for 5 years. Such things should be reported to the police and let them try to find out where the letter was sent from - although it all depends on where you live, in some countries you may have more problems than benefits from the police.

When the address leak happened that time like 2 or 3 years ago, nothing physical that happened. You are referring to the threatening messages and calls that they are sending to Ledger customers that time. According to the news that I read it that time, they were even speaking another languages. This is the first time this one is happening now. Maybe the data was sold to bad people in some countries which is very dangerous. This taught me a lesson to avoid hardware wallet generally. I will prefer airgapped device and use a software wallet on it.

Well, the URL of the QR code looks nothing like remotely connected to Ledger's addresses: https://qrco(.)de/LedgerCompliance
(do NOT visit this page, do NOT ever enter your seed recovery words on an online foreign website).


Yes, indeed. Crypto wallet users should know this from the very start when they first create their crypto wallet, regardless if it's a software or hardware wallet.



Hm, the scammers use Amazon cloud, interesting. Likely with stolen accounts OR they're more stupid than is healthy.

This is a standard way to scare the victim, make them nervous and stop thinking critically. The fear of losing their assets or access to them is the strongest among investors (thrifty people).

From the outside, this method of deception looks so naive and stupid, but it certainly turned out to be effective. Unfortunately, many buyers of hardware wallets are not properly informed about the rules for storing the seed phrase (don't disclose or show the seed phrase to anyone. including, never enter this seed phrase anywhere.).

But only if it is not the same manufacturer that is known for its incompetence.:)

I would say, in disregard and negligence for the safety of their users' data.

As you can see, ledger figures in this story. Ledger screwed up again.

I don't know what's wrong with you people speculating about when the data leak happened, when I posted the official link that it happened in 2020. Also, I'm sure I read somewhere a few years ago that people were getting letters related to this data leak.


If you have the knowledge and ability to create a cold wallet without anyone knowing, that is definitely the best possible choice. However, if you are buying a hardware wallet, you should take into account that it can be done without endangering your private data - whether it is about buying such a device in a physical store (paying in cash), or ordering in a PO box. Whoever bought Ledger in one of those two ways has never had a problem with data leakage.

omg how they doing this?

police can track sender?

is that so hard?

I did not see anything like letter sent to Ledger users after the hack on this forum, on news and on X. Where did you see the information? It would be good if you post the link here. As far as I know, this is the first time this is happening. After the hack, I only read about threatening calls and messages and not letters. And just like I posted before, the calls and messages are mostly in the language not spoken by the victim, unlike what is happening this time.

I did not know it has been up to five years. Time goes fast and waits for no one.

You aren't that naive, are you? I'm 100% sure that the physical letter's envelope didn't have any sender's address on them. The letter itself likely has Ledger's HQ Paris address (I didn't check) on them. The scammer very likely didn't disclose their own location unless they are insanely stupid (can't exclude stupidity entirely).

It would be a red flag for me already if an official company doesn't put their own postal address as sender on the envelope or visible through the envelope's transparent address window, even when it is faked.

---

I find this conclusion a bit over-the-top, I mean to avoid hardware wallets. The problem is not the hardware wallet itself, it's the data trail a buyer produces when they purchase such stuff online AND companies like Ledger who can't secure your customer data because they screw up or don't care or are just a bunch of incompetent people regarding customer data.

Ledger could produce the coolest hardware wallet the world has seen (they won't), with their history records, I would never ever buy anything from Ledger. I've limited power as a buyer, but I let my wallet speak and deny Ledger to receive any money from me.


You can build a hardware wallet from parts that don't scream "crypto hardware wallet", e.g. Krux or Seedsigner or similar DIY projects.

Air-gapped cold wallets are secure as long as you execute them properly, but they are less convenient than a hardware wallet (some of which you can buy offline, but only at very limited places which might not be accessible for many users).


P.S. (some time later)
I'm a bit surprised the scammers spent money to send out physical letters because that's is more expensive than sending phishing emails. I guess fooling at least one wallet owner should pay off, though.

Since it's been a long time, I really can't remember which topic it was in.
However, it is possible that it was not a scam that targeted only Ledger users, but that someone used the same database to send letters regarding crypto scams to users' physical addresses.


The first post on this page (right above yours) contains accurate information, I don't know how something like that could be overlooked. It seems to me that less time has passed, but it's obvious that 5 years fly by in an instant. Yet, even after all this time, it appears that this data leak is something that will have far-reaching consequences.

What you think is impossible in this world, you will discover that is happening  already some where else in the world, thanks for sharing this scam incident that happened last year, I think people will ignore any suspect  mail messages  that will come in for the purchase of their wallets.