Ledger Users Targeted by USPS Phishing Scam
The cryptocurrency industry is facing a new wave of phishing attacks, with scammers now resorting to physical mail to target unsuspecting users. The latest incident involves scammers posing as Ledger, a prominent hardware wallet manufacturer, sending physical letters to users via the United States Postal Service (USPS).
These letters, shared by BitGo CEO Mike Belshe, instruct recipients to “validate” their wallets, warning them of potential account loss if they fail to do so. The letters contain QR codes, presumably leading to malicious phishing websites designed to steal sensitive data such as private keys and account credentials. The sophisticated nature of this attack, involving physical mail delivery, raises serious concerns about the evolving tactics employed by scammers.
“These are all scams do not fall for any of these,” Troy Lindsey, a user who received a copy of the phishing letter, warned fellow crypto enthusiasts. This stark reminder underscores the importance of staying vigilant against social engineering attacks, even when they appear legitimate.
A Growing Trend of Social Engineering in Crypto
This phishing campaign is not an isolated incident. The cryptocurrency industry has been battling a surge in social engineering scams, with attackers increasingly employing sophisticated tactics to exploit users’ trust and steal their valuable assets.
In April 2025, an elderly individual lost $330 million in Bitcoin (BTC) through a phishing attack, highlighting the devastating financial consequences of these scams. Coinbase, a major cryptocurrency exchange, was also targeted by a ransom attempt after customer service contractors leaked user data to threat actors. This incident underscores the importance of robust security measures and vigilant cybersecurity practices across the cryptocurrency ecosystem.
While Ledger has not yet publicly commented on this specific phishing campaign, the incident serves as a stark reminder to all cryptocurrency users to remain skeptical of any unsolicited communication, especially those involving sensitive information like private keys or account details.
Experts recommend verifying any communication with reputable platforms through official channels, carefully inspecting website URLs for authenticity, and avoiding clicking on suspicious links or scanning unfamiliar QR codes. In the ever-evolving world of crypto, staying informed and adopting strong security practices is crucial to safeguarding your digital assets.
