Fraudsters Send Fake Emails on Behalf of Ledger to Steal Seed Phrases

The incident was reported by trader Jacob Canfield, who published a photo of one of these letters on the X social network. The image shows the Ledger logo and text threatening to restrict access to assets if the "verification" is refused.

Ledger quickly responded to the publication, confirming that the letters were the work of scammers. The company's representatives emphasize that they never request seed phrases, write to users directly, or call with such demands.

According to Canfield, the addresses to which the letters were sent could have fallen into the hands of attackers as a result of a data leak. In 2020, Ledger did admit that more than 270,000 customers suffered from the compromise of their personal data, including addresses, phone numbers, and emails. At the same time, information about almost 5,000 users from Russia became publicly available.

Despite this, in official comments, Ledger did not confirm the connection of the current mailing with that leak, leaving the question of how to obtain the addresses unanswered.

This is not the first serious attack on Ledger users and infrastructure. In December 2023, the Ledger Connect Kit library, actively used by many crypto platforms for authorization, was hacked. As a result of the hack, about $600 thousand were stolen. The company promised to compensate users for the losses incurred.

And already in January 2025, Ledger co-founder David Balland became a victim of kidnapping. He was forcibly taken from his home in France, demanding a ransom in cryptocurrency. Fortunately, French police and special forces were able to free him the next day.

Crypto wallet users are reminded: genuine Ledger representatives will never ask for confidential information. Even if the letter looks official, you should not enter your seed phrase under any circumstances.