Federal prosecutors in Connecticut have forfeited more than $600,000 in Tether (USDT) linked to a sophisticated phishing scam that used physical letters to deceive a Ledger hardware wallet user. The civil forfeiture action marks a significant victory in the fight against crypto-enabled fraud, demonstrating how law enforcement can leverage blockchain transparency to recover stolen assets.
The Scam: A Convincing Fake Letter from 'Ledger Security'
In September 2025, a Connecticut resident identified in court documents only as T.M. received an unsolicited letter at their home address. The letter, which appeared to come from "Ledger Security and Compliance," instructed the recipient to complete a mandatory security review of their Ledger hardware wallet. Believing the letter was legitimate, T.M. followed the instructions and inadvertently disclosed their wallet's 24-word recovery seed phrase, giving scammers full control over the funds.
Ledger has repeatedly warned customers that it never sends unsolicited mail requesting seed phrases or security verification. This particular scam leveraged data from the 2020 Ledger customer database breach, which exposed names and home addresses. Scammers used this information to craft professional-looking letters that were difficult to distinguish from official communications.
Blockchain Forensics Leads to Recovery
After T.M. reported the theft, investigators from the FBI’s New Haven Division and Connecticut State Police launched a probe. Using advanced blockchain analytics tools, they traced the stolen cryptocurrency through multiple intermediary wallets. The scammers had converted the assets into USDT, a stablecoin pegged to the U.S. dollar, in an attempt to obscure the trail. However, the transparent nature of blockchain records allowed law enforcement to follow the funds and identify holdings exceeding $600,000.
In January 2026, the U.S. Attorney’s Office for the District of Connecticut filed a civil forfeiture complaint (case 3:26-cv-28) against the seized funds. On March 31, 2026, the U.S. District Court entered a decree of forfeiture, transferring the USDT to the United States government. Civil forfeiture allowed prosecutors to act without identifying or criminally charging the perpetrators, who are believed to be based overseas.
Cooperation from Tether and Victim Restitution
Tether, the issuer of USDT, cooperated with law enforcement by freezing and transferring the seized stablecoins to government-controlled wallets, facilitating the recovery process. Interim U.S. Attorney David X. Sullivan stated that criminals should not expect to hold onto stolen proceeds. FBI Special Agent in Charge P.J. O’Brien credited the joint effort between federal and state investigators in tracing and securing the funds.
The recovered USDT will be returned to T.M. through the Department of Justice’s asset management process, overseen by the Money Laundering and Asset Recovery Section (MLARS). This outcome provides a rare but encouraging example of restitution for victims of crypto phishing scams.
Ongoing Threat and Safety Advice for Ledger Users
Physical mail phishing attacks targeting Ledger users have been reported since at least 2021. Scammers continue to exploit the 2020 database leak to send letters that appear official. These letters typically instruct recipients to enter their recovery phrase on a fake website or scan a QR code that leads to a malicious page. Ledger emphasizes that any unsolicited communication requesting a seed phrase is a scam. Users should verify all communications through official channels and report suspicious letters to the FBI’s Internet Crime Complaint Center (IC3.gov).
This case underscores how federal agencies are applying blockchain analysis to recover assets in cryptocurrency fraud cases. While scammers become more creative, law enforcement’s ability to trace and seize digital assets continues to improve. However, user vigilance remains the most effective defense against such attacks.

