The Ledger Physical Letter Scam is a new and dangerous phishing campaign targeting crypto users by mail. If you use a Ledger wallet and recently received a letter in the mail warning of a security breach — stop.
Don’t scan the QR code. Don’t visit the website. And above all, don’t enter your 24-word recovery phrase anywhere, no matter how official it looks.
In recent months, scammers have returned with a new wave of attacks — this time through physical mail.
Armed with leaked customer data, they’re sending convincing letters that impersonate Ledger support, urging users to act fast.
The goal? Trick victims into revealing their recovery phrases and emptying their wallets.
Here’s how the Ledger Physical Letter Scam works, what the letter looks like, and what you should do if you’ve been targeted.
How the Ledger Physical Letter Scam Works — and What It Looks Like
In early 2025, scammers revived an old tactic with new precision: targeting Ledger wallet users by physical mail, using real names and addresses leaked from the 2020 data breach.
These phishing attacks are sent via USPS (United States Postal Service) and framed as urgent security notices.
The goal is simple — get you to enter your 24-word recovery phrase on a fake website.
Step-by-Step Breakdown of the Ledger Physical Letter Scam
1. A letter arrives by physical mail
The envelope contains a printed letter appearing to be from Ledger Security & Compliance. It includes Ledger’s branding, a Paris address, and a fake reference number.
2. It warns of a security issue
The letter claims your wallet requires “mandatory validation” to ensure the safety of your funds. This message creates urgency and pressure.
3. You’re directed to scan a QR code or visit a phishing site
In the example letter, the domain is www.authorize-ledger.com — not an official Ledger domain. The page mimics a support portal but is designed to steal credentials.
4. The fake site asks for your recovery phrase
Victims are prompted to enter their full 24-word recovery phrase, falsely described as necessary to secure the wallet.
5. Funds are drained within minutes
Attackers use the recovery phrase to gain full access and empty the wallet, often transferring funds across chains to avoid traceability.
Key Elements of the Ledger Scam Letter
- Header: “Mandatory Wallet Validation”
- Sender: Ledger Security & Compliance, 1 Rue du Mail, 75002 Paris, France
- Fake support reference number: e.g., 8922-3432-3382
- Scam URL: [www.authorize-ledger.com] – do not access this URL
- Language: Poses as a protective measure but is purely social engineering
Even the fine print includes a misleading warning not to share sensitive data — a detail meant to legitimize the letter while it does the opposite.
Ledger’s Official Response to the Physical Letter Scam
Ledger has addressed this phishing campaign directly on its support page. Its position is clear:
“Ledger will never ask for your 24-word recovery phrase. Not via email. Not via phone. Not via mail. Never.”
What Ledger Confirms:
- Ledger does not send letters by mail
  Any physical mail that urges action or includes a QR code is fraudulent.
- There is no such thing as “wallet validation”
  Your device is either genuine or not. Ledger will never ask you to verify or “reclaim” a wallet through a third-party site.
- The breach occurred in 2020
  Scammers are using this leaked data — including names, phone numbers, and physical addresses — to personalize attacks.
- Always use Ledger Live and official domains
  If it’s not ledger.com, it’s not safe.
Ledger has also reiterated the importance of never sharing your recovery phrase and has increased user education efforts through its app, social media, and Ledger Academy.
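The "official domains" rule above can be applied mechanically to any link copied from a letter or decoded from a QR code before it is opened. The Python sketch below is an added example, not code from Ledger or Klever; it assumes an allowlist containing only ledger.com (the one domain this article names), and the function name `classify_url` and every sample URL other than www.authorize-ledger.com are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the allowlist holds only the domain this article names as official.
OFFICIAL_DOMAINS = {"ledger.com"}
BRAND = "ledger"


def classify_url(url: str) -> str:
    """Classify a URL copied from a letter or decoded from a QR code.

    Returns 'official', 'suspicious' (brand impersonation or disguised host)
    or 'unrelated' (no connection to the brand was found).
    """
    url = url.strip()
    if "://" not in url:
        url = "https://" + url  # printed letters often give a bare hostname
    try:
        # .hostname drops any "user@" prefix and port, and lowercases the host
        host = (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:
        return "suspicious"  # malformed authority section
    if not host:
        return "suspicious"

    # Official only on an exact match or a true subdomain (dot boundary).
    for domain in OFFICIAL_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return "official"

    labels = host.split(".")
    # Brand text elsewhere in the host, or punycode labels that can hide
    # look-alike characters, mark the host as an impersonation candidate.
    if BRAND in host or any(label.startswith("xn--") for label in labels):
        return "suspicious"
    return "unrelated"


if __name__ == "__main__":
    samples = [  # constructed inputs, except the domain quoted in the article
        "www.authorize-ledger.com",
        "https://www.ledger.com/academy",
        "https://ledger.com@authorize-ledger.com/validate",
        "https://ledger.com.example.net/",
    ]
    for s in samples:
        print(f"{classify_url(s):<10} {s}")
```

A result of `unrelated` means only that no brand signal was found in the hostname; it says nothing about whether the site is safe.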
Important Reminder: No Serious Team Will Ever Ask for Your Recovery Phrase
Let this be clear:
No serious team — including Klever Wallet, Ledger, Trezor, or TrustWallet — will ever ask for your 24-word recovery phrase.
Not by email. Not by phone. Not by chat. Not by a form. Not by DM. Not by mail.
Your seed phrase is the master key to your wallet. Anyone who has it can — and will — access your assets.
That’s why:
- It’s created during setup, stored offline, and used only on your device.
- Wallet apps like Klever Wallet and Ledger Live never ask for it once your wallet is initialized.
- Any request for your seed phrase, especially outside your device, is a red flag.
If a message, form, or letter asks for your phrase, it is a crypto scam. Close it. Ignore it. And verify only through trusted apps and official websites.
What to Do If You Scanned the QR Code or Entered Your Recovery Phrase
If you interacted with the Ledger Scam letter, take immediate action — especially if you entered your seed phrase.
If You Visited the Site but Did Not Enter Anything:
- Do not return to the link.
- Run a malware scan.
- Reset your browser’s cache.
- Stay alert for future phishing attempts.
If You Entered Your 24 Words:
- Transfer your funds immediately
  Create a new wallet (on a secure device) and transfer any remaining assets.
- Revoke all dApp permissions
  Use tools like revoke.cash or your wallet’s built-in permissions screen.
- Report the incident
  Contact Ledger Support.
- Monitor for further scams
  Scammers often attempt follow-up attacks once they know a user is vulnerable.
- Educate and secure
  Write your new seed phrase offline. Do not store it digitally. Avoid QR codes or third-party “recovery” links.
Trust the Device, Not the Message
The beauty of self-custody is control. But control comes with responsibility. If a scammer gets your recovery phrase, they get your crypto — and there’s no one to call for help.
The latest phishing campaigns are more sophisticated than ever, mixing real-world tactics like printed letters with fake URLs and urgent language. But no matter how polished the presentation, the rule never changes:
If someone asks for your 24-word recovery phrase, they are trying to steal from you.
Stay alert. Trust your device — not the message. And always verify through official apps and domains.
Be Klever.