Hey everyone,
Wanted to share something that's been hitting people in real life — literally. I recently received a physical letter claiming to be from Ledger. It looked completely official: proper branding, fonts, even a fake CEO signature. It asked me to scan a QR code and "verify my wallet" due to a supposed security incident.
The domain on the letter was www.authorize-ledger.com — NOT ledger.com. It's a phishing site designed to steal your 24-word seed phrase the moment you type it in.
Why this works:
Ledger suffered a database breach in July 2020 — over 270,000 customer records including home addresses leaked and are now circulating on dark web forums. Scammers are using this data to send targeted physical mail to confirmed hardware wallet owners. Unlike email phishing, a letter arriving at your door feels real and urgent.
2026 Update — now even worse:
Since January 2026, some envelopes include a counterfeit Ledger Nano X pre-loaded with a seed phrase controlled by the attacker. FBI IC3 reported 847 victims in Q1 2026 alone, with $12.3M in estimated losses.
The rules are simple:
- Ledger will NEVER contact you by physical mail asking for your seed phrase
- NEVER enter your 24 words on any website, ever
- NEVER use a hardware wallet that arrives unsolicited in the mail
- Real firmware updates only happen through Ledger Live
I found a detailed breakdown of the scam including photos and the anatomy of the letter here:
👉 https://cryptostrapon.com/stories/fake-ledger-letters

Stay safe. If you received one of these letters, post here — would be good to track how widespread this is.
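Added example, not part of the original post: a small Python check for the host in a URL decoded from a QR code, showing why `authorize-ledger.com` fails an exact-domain match while a substring search for "ledger" would pass it. The allowlist holds only `ledger.com` (the one genuine domain the post names); the function names and all sample URLs other than the letter's domain are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: only the domain the post names as genuine is allowlisted.
OFFICIAL_DOMAINS = {"ledger.com"}
BRAND = "ledger"


def host_of(url):
    """Return the lower-cased host a browser would connect to, or None."""
    if "://" not in url:
        url = "https://" + url  # QR payloads and printed URLs often omit the scheme
    try:
        # .hostname discards userinfo ("ledger.com@...") and any port
        host = urlsplit(url).hostname
    except ValueError:
        return None
    return host.rstrip(".").lower() if host else None


def classify(url):
    """Classify a URL as 'official', 'lookalike', 'unrelated' or 'invalid'."""
    host = host_of(url)
    if host is None:
        return "invalid"
    # Official only if the host IS the domain or a true subdomain of it.
    # The leading dot matters: "notledger.com" must not match "ledger.com".
    if any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return "official"
    # Brand name present in a host that is not on the allowlist.
    if BRAND in host:
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    samples = [
        "www.authorize-ledger.com",                       # domain from the letter
        "HTTPS://WWW.LEDGER.COM/start",                   # constructed
        "https://ledger.com@authorize-ledger.com/verify", # constructed: userinfo trick
        "https://ledger.com.example.net/login",           # constructed: brand as subdomain
        "https://example.org/ledger",                     # constructed: brand only in path
    ]
    for s in samples:
        print(f"{classify(s):10} {s}")
```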
