Today, on April 30, Ledger confirmed that a letter circulating in the mail is a scam. The fake notice, which urges users to upgrade their devices, began appearing after crypto trader Jacob Canfield shared a copy on X(Twitter) yesterday.

You are correct, this is a scam. We appreciate your efforts to warn others. Please stay vigilant against phishing attempts. Scammers impersonating Ledger and Ledger representatives are unfortunately common. While we actively report and block scammers, we can't control what…

— Ledger (@Ledger) April 29, 2025

Scammers have been sending these physical letters to home addresses obtained from a recent Ledger data leak, hoping to trick recipients into revealing their 24-word recovery phrases by posing as official Ledger security staff.

The Scam Unveiled

The fraud began when victims received a printed note, urging them to perform a supposed security upgrade. They were told this step was urgent because of a newly discovered risk. 

Crypto dealer Jacob Canfield posted a photo of the document on X (Twitter), noting that it likely uses information from the leak of 270,000 Ledger user emails and addresses. A different user on X(Twitter) warned others that the scheme targets anyone not well-versed in crypto basics.

Breaking: New scam meta launched. Now they’re sending physical letters to the @Ledger addresses database leak requesting an ‘upgrade’ due to a security risk.

Be very cautious and warn any friends or family that you know is in crypto and is not that savvy. pic.twitter.com/XoUAGQBJXt

— Jacob Canfield (@JacobCanfield) April 28, 2025

Ledger’s Warning

In response, Ledger stated clearly that it will never call, message, or email asking for a recovery phrase.

The company praised those who raised the alarm and urged everyone to remain alert to phishing attempts. 

Also Read: Ledger Users Targeted By Sophisticated Crypto Phishing Campaign Aimed At Stealing Recovery Phrases

Ledger pointed out that scammers often pretend to be official representatives, using real or fake accounts on social media and in emails.

While the firm blocks and reports many offenders, it cannot prevent scammers from acting. Users are told to contact Ledger’s official support channels only.

Broader Security Risks

Ledger reminded its community that the firm’s devices are designed to protect private keys regardless of external threats. Over the years, Ledger has faced supply-chain attacks and ongoing phishing campaigns. 

Now, it also highlights recent research into other brands. Ledger’s open-source team discovered flaws in Trezor’s Safe 3 and Safe 5 models. Both devices share a microcontroller vulnerability that could allow hackers to extract keys with voltage glitching techniques.

Keeping Crypto Safe

As the hardware-wallet market grows, users must stay cautious. No real security notice will ever ask for your recovery phrase. Always verify any request through official channels. If in doubt, pause and seek advice before taking any action. A small check can prevent a major loss.

The rise in scam letters underlines a simple fact: attackers will use any available data against you. Physical mail adds a new layer of risk, since it feels more personal. 

Ledger’s advice stands for all crypto users, which is to treat your recovery phrase as your last secret. Never share it, in writing or online. Staying aware is the best way to protect your funds.

This incident shows how fraudsters evolve tactics to catch even cautious users off guard. By keeping messages short, clear, and consistent, Ledger hopes to cut through confusion.

Also Read: Ledger Co-Founder David Balland’s Finger Cut By Kidnappers, Police Arrests 10 Men