Key Takeaways:
Scammers are mailing counterfeit letters posing as Ledger representatives through USPS, pressuring cryptocurrency users to “validate” their wallets, potentially leading to the theft of private keys. This approach marks a significant departure from internet-only phishing schemes, raising alarms about the security of crypto assets.
In a concerning development, a new phishing scam has emerged, targeting cryptocurrency holders using traditional mail. Scammers are masquerading as Ledger, a well-known hardware wallet manufacturer, and sending forged letters that instruct users to “validate” their wallets to avoid losing access to their funds.
Mike Belshe, the CEO of BitGo, was among the first to flag this scheme, sharing a photo of the deceptive correspondence that featured a QR code likely directing recipients to a phishing website aimed at harvesting private keys.
Shift to Physical Phishing Tactics via USPS
Reports indicate that these fraudulent letters have been distributed through the United States Postal Service (USPS), suggesting a shift from online phishing strategies to physical social engineering tactics.
Troy Lindsey, another recipient, took to social media to alert others: “These are all scams. Do not fall for any of these.”
I got the same one last week I took and had @grok analyze it. These are all scams do not fall for any of these!! pic.twitter.com/ZFNpQpujqA
— Troy Lindsey (@TroyandOlga) May 24, 2025
This warning aligns with rising concerns about phishing operations that exploit physical authenticity to mislead cryptocurrency users into revealing sensitive information.
This wave of attacks comes at a time when cryptocurrency-related phishing incidents are surging. For instance, in April, an elderly victim lost $330 million in Bitcoin in a heist linked to a scam call center operating out of Camden, UK, as confirmed by blockchain investigator ZachXBT.
Coinbase also faced a ransom attempt earlier this month after sensitive user information was leaked by customer support contractors. Attackers demanded $20 million, which Coinbase declined to pay, stating that no private keys or account access had been compromised. However, the leaked data included names and personal contact details.
Michael Arrington, founder of TechCrunch, criticized the exchange’s vulnerability, cautioning that such breaches could result in serious ramifications for affected customers.
Trojans Targeting macOS Users via Fake Ledger Live Apps
In another alarming incident, cybersecurity firm Moonlock warned of a wave of malware attacks aimed at macOS users, leveraging trust in Ledger Live, a widely used crypto wallet management application.
Malicious actors are reportedly deploying trojanized versions of Ledger Live to deceive users into surrendering their recovery phrases through convincing pop-ups.
According to Moonlock, within the span of a year, these attackers have adapted to steal seed phrases and empty victims’ wallets, indicating a significant evolution in their tactics.
One of the primary methods of infection involves the Atomic macOS Stealer, a tool engineered to exfiltrate sensitive data such as passwords, notes, and cryptocurrency wallet information.
Moonlock identified this malware on at least 2,800 compromised websites. Once the malware is installed, it discreetly replaces the legitimate Ledger Live app with a counterfeit version that generates fraudulent alerts to capture users’ seed phrases.
When a user inputs their 24-word recovery phrase into the bogus application, that sensitive information is transmitted to servers controlled by the attackers.
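A defender's check for the app replacement described above, as an added example that is not from Moonlock, Ledger or the original article: it parses the text that macOS `codesign -dv --verbose=4 <app>` prints (on stderr) and flags a bundle whose signing identity differs from the expected one. The Team ID, bundle identifier, vendor name and all three sample outputs are constructed placeholders; the real expected Team ID must come from the vendor.

```python
# Assumption: placeholder Team ID; substitute the value published by the vendor.
EXPECTED_TEAM_ID = "EXAMPLE123"

# Constructed samples of `codesign -dv --verbose=4 <app>` output (not real captures).
GENUINE = """\
Executable=/Applications/Ledger Live.app/Contents/MacOS/Ledger Live
Identifier=com.example.wallet
Format=app bundle with Mach-O universal (x86_64 arm64)
Authority=Developer ID Application: Example Vendor (EXAMPLE123)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=EXAMPLE123
"""
ADHOC = """\
Executable=/Applications/Ledger Live.app/Contents/MacOS/Ledger Live
Identifier=com.example.wallet
Signature=adhoc
TeamIdentifier=not set
"""
# Same bundle, validly signed but by a different developer account.
RESIGNED = GENUINE.replace("EXAMPLE123", "OTHERTEAM9")


def parse_codesign(text):
    """Collect key=value fields; Authority repeats, so keep it as a list."""
    fields = {"Authority": []}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if not sep:
            continue
        if key == "Authority":
            fields["Authority"].append(value)
        else:
            fields[key] = value
    return fields


def check_signature(text, expected_team=EXPECTED_TEAM_ID):
    """Return a list of findings; an empty list means the identity matches."""
    f = parse_codesign(text)
    findings = []
    if f.get("Signature") == "adhoc":
        findings.append("ad hoc signature (no developer identity)")
    if f.get("TeamIdentifier") != expected_team:
        findings.append(f"team id {f.get('TeamIdentifier')!r} != {expected_team!r}")
    if not f["Authority"] or f["Authority"][-1] != "Apple Root CA":
        findings.append("certificate chain does not end at Apple Root CA")
    return findings
```

A matching identity only shows who signed the bundle; `codesign --verify --deep --strict` is still needed to confirm the signature itself validates against the files on disk.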
The post Scammers Send Fake Ledger Letters in Latest Crypto Phishing Scheme appeared first on Finance Newso.