Danger! Phishing attack on crypto users: False ledger letters in circulation!

Danger! Phishing attack on crypto users: False ledger letters in circulation!

The danger of phishing attacks is growing, especially for users of crypto wallets. Fraudsters are currently active, posing as the renowned hardware wallet manufacturer Ledger and trying to steal money and information from unsuspecting users. These attacks take various forms, both written and digital.

Today reports that malicious actors are sending physical letters through the United States Postal Service (USPS). These letters ask recipients to “validate” their wallets to prevent loss of access to their funds. The letters, which also contain a QR code, are believed to lead to fraudulent websites that aim to steal private keys, user funds and sensitive data.

A legitimate alarm

BitGo CEO Mike Belshe issued a stern warning to the crypto community and shared an image of one such scam letter. Affected users, like Troy Lindsey, have also received and shared these letters to warn others. The scam is reminiscent of previous incidents in which fake Ledger Live apps were used to steal seed phrases.

In addition to physical letters, deceptively real emails are also in circulation. These messages initially appear to be official security warnings from Ledger and come via the SendGrid email platform. The subject lines, such as “Security Alert: Data Breach May Expose Your Recovery Phrase,” are intended to inspire trust and entice users to provide their recovery passwords.

Increased threat of phishing

The malicious emails ask users to verify their recovery code on a fake, seemingly secure website. Anyone who follows the instructions enters their 12, 18 or 24 word passphrase, which then immediately ends up on the scammers' servers. It can also happen that users receive an error message if they enter it correctly, which leads them to enter their data several times.

What is particularly alarming is that phishing attacks can lead to significant losses. An elderly person lost a whopping $330 million in Bitcoin in such an attack in April 2025, while recently Coinbase was the target of an extortion attempt after data from fired employees was leaked. The ransom demand was for $20 million, but Coinbase refused to pay. However, no private keys or credentials were compromised at Coinbase.

Protective measures for users

Given these threats, it is essential for crypto users to strengthen their security measures. Ledger will never ask for crypto wallet passwords and users should follow the following recommendations:

• Passwörter offline und sicher aufbewahren.
• Verdächtige Webseiten direkt in die Adresszeile des Browsers eingeben.
• Bei Verdacht auf Phishing-Mail umgehend den Support kontaktieren.
• Offizielle Kommunikationskanäle von Ledger regelmäßig überprüfen.
• E-Mail-Filter und Sicherheitssoftware nutzen, um verdächtige Nachrichten zu blockieren.

These incidents highlight the need for increased security measures and educating users about possible threats. Companies must secure their systems against such attacks while educating their customers about best security practices. The risk of falling victim to a phishing attack has never been higher.

For more information about how these attacks work and what users can do about them, read detailed reports from IT Boltwise and magic hat.