Scam Letters Target Seed Phrases: Protect Your Crypto Identity

Fraudsters are sending physical mail to the owners of Ledger cryptocurrency hardware wallets, requesting them to confirm their private seed phrases with the intent to gain access and empty these wallets.

On April 29, tech analyst Jacob Canfield published a post on X where he discussed shared a scam letter sent to his home through the mail, which seemed to come from Ledger, stating he urgently needed to carry out a "critical security upgrade" on his device.

The message, utilizing Ledger’s emblem, official office address, and a purported identification number to appear genuine, requests scanning of a QR code followed by inputting the wallet’s confidential key. recovery phrase Under the pretense of testing the equipment.

The message warns that “not going through this required verification process might lead to limited access to your wallet and money.”

A seed phrase, also known as a recovery phrase, consists of up to 24 words that provide access to your cryptocurrency wallet. If a fraudster obtains this phrase, they gain the ability to take over and manage the connected wallet for moving funds out of it.

Earlier this month, the X profile of a cryptocurrency hardware wallet seller was targeted. said It had similarly received numerous reports of Ledger users getting an identical letter.

Following Canfield’s post, Ledger said The message is a fraud, and they warned its device users to remain cautious and watchful. phishing attempts .

Related: Ledger wallet user reports losing 10 bitcoins — Community points fingers at phishing

“ Ledger will never make a phone call, send a direct message, or request your 24-word recovery phrase. If anyone asks for this information, it’s a scam,” the statement noted.

Please avoid interacting with profiles stating they are Ledger employees or anybody offering assistance to reclaim funds.

It's unclear if this is related to the Ledger’s data breach.

Canfield indicated that fraudsters might be mailing letters to Ledger clients whose information had been exposed almost half a decade earlier.

In July 2020, a cybercriminal breached Ledger’s database and made public the private data of over 270,000 of its clients online, including their names, telephone numbers, and residential addresses.

In the subsequent year, multiple Ledger users reported receiving mail fake Ledger devices those that were altered to install malware when used, according to Bleeping Computer reported at the time.

Magazine: Your AI 'digital counterpart' can attend meetings and provide solace to your near and dear ones.