Ledger Warns Users of Scam Letters Demanding Seed Phrases
- Ledger users are being targeted by scammers sending fake physical letters that mimic official communications, asking for their seed phrases.
- The scam letters appear legitimate, using Ledgers logo, business address, and threats of account deactivation to pressure recipients.
- This phishing attempt may be connected to the 2020 Ledger data breach that exposed over 270,000 customers personal details, including home addresses.
Theres a new crypto scam in town, and it involves sending physical letters to individuals who own Ledger crypto hardware wallets. In the letter, the perpetrators are asking these individuals to confirm their private seed phrases.
If they do, the scammers will access their wallets and withdraw all their funds. Recently, tech commentator Jacob Canfield shared his experience of receiving one of such letters on X.
According to him, he received the letter in his home post box, and the letter looks it is truly from the crypto hardware wallet provider. The letter claimed that theres a need to validate Canfields device and that he should scan a QR code and enter his wallets private recovery phrase.
As a proof of that the letter was not fake, it had Ledgers logo, business address and a reference number. The letter also stated that Canfield could lose access to his wallet and funds should he fail to comply with the validation process.
Source: X (@JacobCanfield)
A seed or recovery phrase contains up to 24 words that open access to a crypto wallet. Hence, anyone (including a scammer) with a wallets seed phrase can access it, perform transactions or transfer funds out of the wallet.
Ledger responded to Canfields tweet, stating that the letter is a scam and warned its users to be on guard against phishing attempts.
Is There a Possible Connection to the Ledger Data Leak?
Canfield claimed that the companys customers whose data were leaked about 5 years ago were the largest receivers of these scam letters. Five years ago, Ledger admitted that a hacker accessed its database illegally and released the personal information of over 270,000 of the firms customers online.
The information included the customers home addresses, phone numbers and names. A year later, a report by Bleeping Computer claimed that many Ledger users stated that they received Ledger devices in their post boxes without requesting them.
The report added that the design of the devices had been modified and contained malware which would become active upon use.
Read more: https://www.tronweekly.com/ledger-warns-users-of-scam-letters/
Text source: TronWeekly
