Scammers posing as Ledger, a hardware wallet manufacturer, are sending physical letters to crypto users instructing them to “validate” their wallets or risk losing access to funds, in the latest phishing attack to impact the industry.

BitGo CEO Mike Belshe shared a picture of the scam letter, which featured a QR code, presumably linked to a malicious phishing site. The letter was sent through the United States Postal Service (USPS), according to the executive.

“These are all scams do not fall for any of these,” Troy Lindsey wrote after receiving a copy of the phishing letter.

A copy of the scam Phishing letter. Source: Mike Belshe

Cointelegraph reached out to Ledger for comment but was unable to obtain a response by the time of publication.

This phishing attempt highlights the ever-evolving complexity and tactics of social engineering scams designed to steal crypto private keys, user funds, and other sensitive data from unsuspecting victims.

Related: Hackers using fake Ledger Live app to steal seed phrases and drain crypto

Coinbase and crypto users hit hard by phishing attacks in 2025

In April 2025, $330 million in Bitcoin (BTC) was stolen from an elderly individual through a phishing attack, onchain detective ZackXBT confirmed in an April 30 X post.

“Two suspects in the $330 million heist include ‘Nina/Mo’ — a Somalian who operates a call scam center in Camden, UK — and an accomplice ‘W0rk,’ who assisted with the site and call,” the onchain security analyst said in an update.

On May 15, crypto exchange Coinbase announced it was the target of a ransom attempt after customer service contractors, who were later fired by the company, leaked user data to threat actors.

The scammers demanded a $20 million ransom, which Coinbase refused to pay, and the stolen data included names, addresses, contact information, and a limited amount of other sensitive account data belonging to a small subset of Coinbase customers.

No private keys, login credentials, or accesses to Coinbase Prime accounts were compromised during the leak, according to the exchange.

TechCrunch founder Michael Arrington was highly critical of the exchange for the security failure, arguing that it will lead to physical violence against customers exposed in the hack.

Magazine: Crypto-Sec: Phishing scammer goes after Hedera users, address poisoner gets $70K