Scammers Send Physical Phishing Letters to Steal Ledger Wallet Seed Phrases

A targeted physical-phishing campaign is sending localized, Ledger-branded letters with QR codes that direct recipients to phishing sites asking for their 24-word recovery seed phrases; Ledger has confirmed such physical phishing campaigns are active and warns users never to share their seed. The report highlights possible use of customer shipping/order data—potentially from the January 2026 Global-e breach—to localize mailings and urges affected users to avoid the QR code, never enter recovery phrases, and move funds to a new wallet if compromised.