---
title: Scammers Send Physical Phishing Letters to Steal Ledger Wallet Seed Phrases
type: raw
source: newsletter
source_url: https://hackread.com/scammers-physical-phishing-letters-ledger-wallet-seed/
tags: [hackread, mistral-ai, security, vulnerability, repository-attack]
fetcher: jina
sha256: 657b61f910248555
ingested: 2026-05-20
---
Published Time: 2026-05-17T12:55:35+01:00
Markdown Content:
# Scammers Send Physical Phishing Letters to Steal Ledger Wallet Seed Phrases
[![Image 1: Hackread - Cybersecurity News, Data Breaches, AI and More](https://hackread.com/wp-content/uploads/2023/08/Hackread-logo.png)](https://hackread.com/)[![Image 2: Hackread - Cybersecurity News, Data Breaches, AI and More](https://hackread.com/wp-content/uploads/2023/08/Hackread-logo.png)](https://hackread.com/)
*   [Hacking News](https://hackread.com/category/data-breaches/hacking-news/)
    *   [Leaks](https://hackread.com/category/data-breaches/hacking-news/leaks-affairs/)
    *   [WikiLeaks](https://hackread.com/category/data-breaches/hacking-news/wikileaks-affairs/)
    *   [Anonymous](https://hackread.com/category/data-breaches/hacking-news/anonymous/)
*   [Technology](https://hackread.com/category/technology/)
    *   [Android](https://hackread.com/category/technology/android/)
    *   [Apple](https://hackread.com/category/technology/anews/)
    *   [Google](https://hackread.com/category/technology/gnews/)
    *   [Microsoft](https://hackread.com/category/technology/microsoft/)
    *   [Samsung](https://hackread.com/category/technology/samsung/)
    *   [3D](https://hackread.com/category/technology/3d/)
    *   [How To](https://hackread.com/category/how-to/)
    *   [Artificial Intelligence](https://hackread.com/category/artificial-intelligence/)
        *   [Machine Learning](https://hackread.com/category/artificial-intelligence/machine-learning/)
*   [Cyber Crime](https://hackread.com/category/latest-cyber-crime/)
    *   [Phishing Scam](https://hackread.com/category/latest-cyber-crime/phishing-scam/)
    *   [Scams and Fraud](https://hackread.com/category/latest-cyber-crime/scams-and-fraud/)
*   [Security](https://hackread.com/category/security/)
    *   [Malware](https://hackread.com/category/security/malware/)
    *   [Censorship](https://hackread.com/category/cyber-events/censorship/)
    *   [Cyber Attacks](https://hackread.com/category/cyber-events/cyber-attacks-cyber-events/)
*   [Crypto](https://hackread.com/category/cryptocurrency/)
    *   [Blockchain](https://hackread.com/category/blockchain/)
*   [Surveillance](https://hackread.com/category/surveillance/)
    *   [Drones](https://hackread.com/category/surveillance/drones/)
    *   [NSA](https://hackread.com/category/surveillance/nsa/)
    *   [Privacy](https://hackread.com/category/surveillance/privacy/)
*   [Gaming](https://hackread.com/category/gaming/)
*   [Submit Press Release](https://hackread.com/submit-press-release/)
[![Image 3: Hackread - Cybersecurity News, Data Breaches, AI and More](https://hackread.com/wp-content/uploads/2023/08/Hackread-logo.png)](https://hackread.com/)[![Image 4: Hackread - Cybersecurity News, Data Breaches, AI and More](https://hackread.com/wp-content/uploads/2023/08/Hackread-logo.png)](https://hackread.com/)
*   [Hacking News](https://hackread.com/category/data-breaches/hacking-news/)
    *   [Leaks](https://hackread.com/category/data-breaches/hacking-news/leaks-affairs/)
    *   [WikiLeaks](https://hackread.com/category/data-breaches/hacking-news/wikileaks-affairs/)
    *   [Anonymous](https://hackread.com/category/data-breaches/hacking-news/anonymous/)
*   [Technology](https://hackread.com/category/technology/)
    *   [Android](https://hackread.com/category/technology/android/)
    *   [Apple](https://hackread.com/category/technology/anews/)
    *   [Google](https://hackread.com/category/technology/gnews/)
    *   [Microsoft](https://hackread.com/category/technology/microsoft/)
    *   [Samsung](https://hackread.com/category/technology/samsung/)
    *   [3D](https://hackread.com/category/technology/3d/)
    *   [How To](https://hackread.com/category/how-to/)
    *   [Artificial Intelligence](https://hackread.com/category/artificial-intelligence/)
        *   [Machine Learning](https://hackread.com/category/artificial-intelligence/machine-learning/)
*   [Cyber Crime](https://hackread.com/category/latest-cyber-crime/)
    *   [Phishing Scam](https://hackread.com/category/latest-cyber-crime/phishing-scam/)
    *   [Scams and Fraud](https://hackread.com/category/latest-cyber-crime/scams-and-fraud/)
*   [Security](https://hackread.com/category/security/)
    *   [Malware](https://hackread.com/category/security/malware/)
    *   [Censorship](https://hackread.com/category/cyber-events/censorship/)
    *   [Cyber Attacks](https://hackread.com/category/cyber-events/cyber-attacks-cyber-events/)
*   [Crypto](https://hackread.com/category/cryptocurrency/)
    *   [Blockchain](https://hackread.com/category/blockchain/)
*   [Surveillance](https://hackread.com/category/surveillance/)
    *   [Drones](https://hackread.com/category/surveillance/drones/)
    *   [NSA](https://hackread.com/category/surveillance/nsa/)
    *   [Privacy](https://hackread.com/category/surveillance/privacy/)
*   [Gaming](https://hackread.com/category/gaming/)
*   [Submit Press Release](https://hackread.com/submit-press-release/)
[![Image 5: Hackread - Cybersecurity News, Data Breaches, AI and More](https://hackread.com/wp-content/uploads/2023/08/Hackread-logo.png)](https://hackread.com/)[![Image 6: Hackread - Cybersecurity News, Data Breaches, AI and More](https://hackread.com/wp-content/uploads/2023/08/Hackread-logo.png)](https://hackread.com/)
##### The Latest
![Image 7: AI Agent Security: Automating Workflow Without Creating Prompt Injection or Data Leak Risks](https://hackread.com/wp-content/uploads/2026/05/ai-agent-security-automating-prompt-injection-data-leak-110x110.jpg)
[](https://hackread.com/ai-agent-security-automating-prompt-injection-data-leak/)
###### [AI Agent Security: Automating Workflow Without Creating Prompt Injection or Data Leak Risks](https://hackread.com/ai-agent-security-automating-prompt-injection-data-leak/)
![Image 8: How Parts Inventory Management Software Fixes Inventory Challenges](https://hackread.com/wp-content/uploads/2026/05/parts-inventory-management-software-inventory-challenges-110x110.jpg)
[](https://hackread.com/parts-inventory-management-software-inventory-challenges/)
###### [How Parts Inventory Management Software Fixes Inventory Challenges](https://hackread.com/parts-inventory-management-software-inventory-challenges/)
![Image 9: Pwn2Own Berlin 2026 Closes With $1.3 Million in Zero-Day Payouts](https://hackread.com/wp-content/uploads/2026/05/pwn2own-berlin-2026-closes-zero-day-payouts-2-110x110.jpg)
[](https://hackread.com/pwn2own-berlin-2026-closes-zero-day-payouts/)
###### [Pwn2Own Berlin 2026 Closes With $1.3 Million in Zero-Day Payouts](https://hackread.com/pwn2own-berlin-2026-closes-zero-day-payouts/)
![Image 10](https://hackread.com/wp-content/uploads/2026/05/inforsec_sns_1_1777449269P69IHYw2A5-110x110.jpg)
[](https://hackread.com/criminal-ip-returns-to-infosecurity-europe-2026-with-advanced-ai-driven-ti-asm/)
###### [Criminal IP Returns to Infosecurity Europe 2026 with Advanced AI-Driven TI & ASM](https://hackread.com/criminal-ip-returns-to-infosecurity-europe-2026-with-advanced-ai-driven-ti-asm/)
*   [Zyxel](https://hackread.com/tag/zyxel/)
*   [Zynga](https://hackread.com/tag/zynga/)
*   [Zyklon B hacker](https://hackread.com/tag/zyklon-b-hacker/)
*   [Zygote](https://hackread.com/tag/zygote/)
*   [Zurich Insurance Group](https://hackread.com/tag/zurich-insurance-group/)
*   [Zues Malware](https://hackread.com/tag/zues-malware/)
*   [Zues](https://hackread.com/tag/zues/)
*   [ZTNA](https://hackread.com/tag/ztna/)
*   [ZTA Gateways](https://hackread.com/tag/zta-gateways/)
*   [ZTA](https://hackread.com/tag/zta/)
![Image 11: Scammers Send Physical Phishing Letters to Steal Ledger Wallet Seed Phrases](https://hackread.com/wp-content/uploads/2026/05/scammers-physical-phishing-letters-ledger-wallet-seed.jpeg)
*   [Scams and Fraud](https://hackread.com/category/latest-cyber-crime/scams-and-fraud/)
*   [Phishing Scam](https://hackread.com/category/latest-cyber-crime/phishing-scam/)
*   [Security](https://hackread.com/category/security/)
 Scammers are mailing fake Ledger phishing letters to users in Italy with QR codes that trick crypto wallet users into revealing seed phrases. 
[![Image 12](https://secure.gravatar.com/avatar/3c971597535b97dcf1c986f945aa98a632225995095afc68c2a7c0dff262d639?s=26&d=mm&r=g)by Waqas](https://hackread.com/author/hackread/ "View all posts by Waqas")
May 17, 2026
2 minute read
Crypto wallet owners using [Ledger hardware wallets](https://hackread.com/teen-hacks-ledger-hardware-cryptocurrency-wallet/) are being targeted through physical mail, with scammers impersonating the company in a campaign designed to steal recovery seed phrases. The operation uses printed letters that look official, complete with Ledger branding, a reference number, and a fake security notice warning recipients about an urgent “Quantum Resistance” update.
One example of the scam circulating online shows an Italian language version addressed to a customer in Italy, suggesting the attackers are tailoring the campaign based on regional customer data. The letter claims users must complete a mandatory security upgrade for their Ledger device before a deadline or risk losing wallet functionality.
The letter includes a [QR code](https://hackread.com/unicode-qr-code-phishing-scam-bypasses-security/) that routes victims to a phishing website. From there, users are asked to enter their 24-word recovery seed phrase, the single piece of information that gives full access to a crypto wallet. Once entered, attackers can immediately drain stored cryptocurrency assets.
The fake notice is signed in the name of Ledger CTO Charles Guillemet and references a supposed “Quantum Resistance” security system meant to defend wallets against quantum computing threats. The wording attempts to create urgency by warning users that failure to complete the update may disrupt wallet access and disable certain features.
It is worth noting that although the letter includes Ledger’s corporate address in Paris, France, the recipient shown in the circulating example appears to be based in Italy. The document is fully written in Italian, which suggests the campaign is targeting users in multiple countries with localized versions rather than focusing only on French customers.
[![Image 13: Scammers Send Physical Phishing Letters to Steal Ledger Wallet Seed Phrases](https://hackread.com/wp-content/uploads/2026/05/scammers-physical-phishing-letters-ledger-wallet-seeds-768x1024.jpeg)](https://hackread.com/wp-content/uploads/2026/05/scammers-physical-phishing-letters-ledger-wallet-seeds.jpeg)
The fake letter (Screenshot credit: [@IntCyberDigest](https://x.com/IntCyberDigest/status/2055430305792623000) on [X](https://x.com/IntCyberDigest/status/2055430305792623000))
Ledger has [publicly confirmed](https://support.ledger.com/article/scams-targeting-crypto-holders) that physical phishing campaigns targeting crypto holders are active. In its support advisory, the company warns customers that any message, email, social media account, or physical letter requesting a recovery phrase is fraudulent.
The company also repeated a rule long emphasized by hardware wallet vendors across the crypto industry: recovery phrases should never be shared with anyone under any circumstances. Ledger stated that it will never ask users to reveal their 24-word secret phrase, whether through a website, QR code, phone call, or printed document.
Attention is also turning toward the source of the mailing data. Researchers and crypto community members suspect the information may have originated from the January 2026 breach involving Global-e, Ledger’s e-commerce processing partner. While that connection has not been officially confirmed, the localized nature of the letters has fueled speculation that attackers had access to customer shipping and regional order data.
Discover more
Wallet
Hacking & Cracking
email
This is not the first time Ledger users have faced targeted phishing attempts after customer information leaks. Previous campaigns have included fake firmware updates, [cloned Ledger Live applications](https://hackread.com/fake-ledger-live-app-apple-store-crypto-theft/), phishing emails, and counterfeit hardware wallets designed to harvest seed phrases.
For affected users, the safest response is straightforward. Do not scan the QR code, do not visit the linked site, and never enter a recovery phrase anywhere outside the initial wallet recovery process on a trusted device. Anyone who has already submitted their seed phrase should immediately transfer funds to a newly created wallet with a fresh recovery phrase before attackers gain access.
##### [Waqas](https://hackread.com/author/hackread/)
[![Image 14](https://secure.gravatar.com/avatar/3c971597535b97dcf1c986f945aa98a632225995095afc68c2a7c0dff262d639?s=80&d=mm&r=g)](https://hackread.com/author/hackread/)
 I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cybersecurity and tech world. I am also into gaming, reading and investigative journalism. 
[View Posts](https://hackread.com/author/hackread/)
*   [Crypto](https://hackread.com/tag/crypto/)
*   [Cyber Attack](https://hackread.com/tag/cyber-attack/)
*   [Cybersecurity](https://hackread.com/tag/cybersecurity/)
*   [France](https://hackread.com/tag/france/)
*   [Fraud](https://hackread.com/tag/fraud/)
*   [Italy](https://hackread.com/tag/italy/)
*   [Ledger](https://hackread.com/tag/ledger/)
*   [Phishing](https://hackread.com/tag/phishing/)
*   [Privacy](https://hackread.com/tag/privacy/)
*   [QR](https://hackread.com/tag/qr/)
*   [QR Code](https://hackread.com/tag/qr-code/)
*   [Scam](https://hackread.com/tag/scam/)
##### Leave a Reply [Cancel reply](https://hackread.com/scammers-physical-phishing-letters-ledger-wallet-seed/?utm_source=tldrinfosec#respond)
Your email address will not be published.Required fields are marked *
Comment *
Name *
Email *
Website
Δ
View Comments (0)
##### Subscription Form
![Image 15: loader](https://hackread.com/wp-includes/images/spinner.gif)
Email Address*
FIRSTNAME
LASTNAME
Discover more
Wallets
Email & Messaging
Email
emails
Technology News
Handbags & Purses
wallet
Digital Currencies
##### Latest Posts
*   [AI Agent Security: Automating Workflow Without Creating Prompt Injection or Data Leak Risks](https://hackread.com/ai-agent-security-automating-prompt-injection-data-leak/)
*   [How Parts Inventory Management Software Fixes Inventory Challenges](https://hackread.com/parts-inventory-management-software-inventory-challenges/)
*   [Pwn2Own Berlin 2026 Closes With $1.3 Million in Zero-Day Payouts](https://hackread.com/pwn2own-berlin-2026-closes-zero-day-payouts/)
*   [Criminal IP Returns to Infosecurity Europe 2026 with Advanced AI-Driven TI & ASM](https://hackread.com/criminal-ip-returns-to-infosecurity-europe-2026-with-advanced-ai-driven-ti-asm/)
*   [Two-Thirds of Nonhuman Accounts Are Unseen and Unmanaged, According to Orchid Security’s Identity Gap Report](https://hackread.com/two-thirds-of-nonhuman-accounts-are-unseen-and-unmanaged-according-to-orchid-securitys-identity-gap-report/)
##### PRESS RELEASE
*   
![Image 16](https://hackread.com/wp-content/uploads/2026/05/inforsec_sns_1_1777449269P69IHYw2A5-80x80.jpg) [](https://hackread.com/criminal-ip-returns-to-infosecurity-europe-2026-with-advanced-ai-driven-ti-asm/) 
    *   [Press Release](https://hackread.com/category/press-release/)
### [Criminal IP Returns to Infosecurity Europe 2026 with Advanced AI-Driven TI & ASM](https://hackread.com/criminal-ip-returns-to-infosecurity-europe-2026-with-advanced-ai-driven-ti-asm/)
[by CyberNewswire](https://hackread.com/author/cybernewswire/ "View all posts by CyberNewswire")
*   
![Image 17](https://hackread.com/wp-content/uploads/2026/05/Orchid_Identity_Gap_report_Cyber_Newswire_photo_1779130638YN9ZSkjgqG-80x80.jpg) [](https://hackread.com/two-thirds-of-nonhuman-accounts-are-unseen-and-unmanaged-according-to-orchid-securitys-identity-gap-report/) 
    *   [Press Release](https://hackread.com/category/press-release/)
### [Two-Thirds of Nonhuman Accounts Are Unseen and Unmanaged, According to Orchid Security’s Identity Gap Report](https://hackread.com/two-thirds-of-nonhuman-accounts-are-unseen-and-unmanaged-according-to-orchid-securitys-identity-gap-report/)
[by CyberNewswire](https://hackread.com/author/cybernewswire/ "View all posts by CyberNewswire")
*   
![Image 18](https://hackread.com/wp-content/uploads/2026/05/Lyrie_and_Anthropic_1778138816A1kmRs3pAH-80x80.jpg) [](https://hackread.com/lyrie-ai-joins-first-batch-of-anthropics-cyber-verification-program/) 
    *   [Press Release](https://hackread.com/category/press-release/)
### [Lyrie.ai Joins First Batch of Anthropic’s Cyber Verification Program](https://hackread.com/lyrie-ai-joins-first-batch-of-anthropics-cyber-verification-program/)
[by CyberNewswire](https://hackread.com/author/cybernewswire/ "View all posts by CyberNewswire")
*   
![Image 19](https://hackread.com/wp-content/uploads/2026/05/LuxSci_Secure_Email_Mid-Sized_PR_1777922928HSMMEp3uoy-80x80.jpg) [](https://hackread.com/luxsci-launches-enterprise-grade-hipaa-compliant-email-security-for-mid-sized-healthcare-organizations/) 
    *   [Press Release](https://hackread.com/category/press-release/)
### [LuxSci Launches Enterprise-Grade HIPAA-Compliant Email Security for Mid-Sized Healthcare Organizations](https://hackread.com/luxsci-launches-enterprise-grade-hipaa-compliant-email-security-for-mid-sized-healthcare-organizations/)
[by CyberNewswire](https://hackread.com/author/cybernewswire/ "View all posts by CyberNewswire")
*   
![Image 20](https://hackread.com/wp-content/uploads/2026/05/1200_700_1776732787DlSbx2MTHb-80x80.jpg) [](https://hackread.com/criminal-ip-and-securonix-threatq-collaborate-to-enhance-threat-intelligence-operations/) 
    *   [Press Release](https://hackread.com/category/press-release/)
### [Criminal IP and Securonix ThreatQ Collaborate to Enhance Threat Intelligence Operations](https://hackread.com/criminal-ip-and-securonix-threatq-collaborate-to-enhance-threat-intelligence-operations/)
[by CyberNewswire](https://hackread.com/author/cybernewswire/ "View all posts by CyberNewswire")
Discover more
Computer Security
Currencies & Foreign Exchange
wallets
##### Related Posts
![Image 21: Beware the Blur: Phishing Scam Drops Byakugan Malware via Fake PDF](https://hackread.com/wp-content/uploads/2024/04/windows-users-receiving-byakugan-malware-in-fake-pdfs-3-260x195.jpg)
Read More
[](https://hackread.com/phishing-scam-drops-byakugan-malware-fake-pdf/)
*   [Security](https://hackread.com/category/security/)
*   [Malware](https://hackread.com/category/security/malware/)
*   [Phishing Scam](https://hackread.com/category/latest-cyber-crime/phishing-scam/)
## [Beware the Blur: Phishing Scam Drops Byakugan Malware via Fake PDF](https://hackread.com/phishing-scam-drops-byakugan-malware-fake-pdf/)
 New Byakugan Malware Steals Data, Grants Remote Access & Uses OBS Studio to Spy! Fortinet reveals a phishing campaign distributing Byakugan malware disguised as a PDF. Don't click! Learn how to stay safe. 
[by Deeba Ahmed](https://hackread.com/author/deeba/ "View all posts by Deeba Ahmed")
*   [Security](https://hackread.com/category/security/)
*   [Surveillance](https://hackread.com/category/surveillance/)
## [DefCamp 2013 to Take Place on November 29-30 in Bucharest, NSA’s Surveillance will be a Hot Topic](https://hackread.com/defcamp-2013-to-take-place-29nov-nsa/)
 It is that time of the Year again; The DefCamp 2013 call for papers is officially open. The… 
[by Waqas](https://hackread.com/author/hackread/ "View all posts by Waqas")
*   [Hacking News](https://hackread.com/category/data-breaches/hacking-news/)
*   [Security](https://hackread.com/category/security/)
## [Blockchain Wallet CoinPouch Hacked; Verge Coins Stolen](https://hackread.com/blockchain-wallet-coinpouch-hacked-verge-coins-stolen/)
 Another day, another cryptocurrency wallet hacked – This time; it is Blockchain Wallet CoinPouch. CoinPunch, a Plano, Texas-based company providing… 
[by Waqas](https://hackread.com/author/hackread/ "View all posts by Waqas")
![Image 22: New Salty2FA Phishing Kit Bypasses MFA and Clones Login Pages](https://hackread.com/wp-content/uploads/2025/09/salty2fa-phishing-kit-bypasses-mfa-clone-login-pages-260x195.jpg)
Read More
[](https://hackread.com/salty2fa-phishing-kit-bypasses-mfa-clone-login-pages/)
*   [Security](https://hackread.com/category/security/)
*   [Phishing Scam](https://hackread.com/category/latest-cyber-crime/phishing-scam/)
## [New Salty2FA Phishing Kit Bypasses MFA and Clones Login Pages](https://hackread.com/salty2fa-phishing-kit-bypasses-mfa-clone-login-pages/)
 A new, sophisticated phishing kit, Salty2FA, is using advanced tactics to bypass MFA and mimic trusted brands. Read… 
[by Deeba Ahmed](https://hackread.com/author/deeba/ "View all posts by Deeba Ahmed")
[![Image 23: Hackread - Cybersecurity News, Data Breaches, AI and More](https://hackread.com/wp-content/uploads/2023/08/Hackread-logo-footer.png)](https://hackread.com/)[![Image 24: Hackread - Cybersecurity News, Data Breaches, AI and More](https://hackread.com/wp-content/uploads/2023/08/Hackread-logo-footer.png)](https://hackread.com/)
 HACKREAD is a news platform that centers on Cybersecurity, AI, InfoSec, Cyber Crime and Hacking News with full-scale reviews on Crypto and Technology trends. Founded in 2011, HackRead is based in the United Kingdom. Copyright © 2026 HackRead 
The display of third-party trademarks and trade names on the site do not necessarily indicate any affiliation or endorsement of Hackread.com. If you click an affiliate link and buy a product or service, we may be paid a fee by that merchant.
*   [About Us](https://hackread.com/about-us/)
*   [Our Team](https://hackread.com/team/)
*   [Contact Us](https://hackread.com/contact-us/)
*   [Our Mission](https://hackread.com/our-mission/)
*   [Privacy Policy](https://hackread.com/privacy-policy/)
[](https://hackread.com/scammers-physical-phishing-letters-ledger-wallet-seed/#top)