US Attorney Recovers Over $600,000 in USDT From Ledger Physical Letter Phishing Scam

US Attorney Recovers Over $600,000 in USDT From Ledger Physical Letter Phishing Scam

N
News Editor 01
2026-07-09 02:02:41
Federal prosecutors in Connecticut seized more than $600,000 in USDT linked to a Ledger phishing scam that used a physical letter to trick a hardware wallet user into revealing their recovery seed phrase. The funds will be returned to the victim.
Ledgerphishing scamUSDTblockchain analysisasset forfeiture

U.S. Attorney for the District of Connecticut, in cooperation with the FBI’s New Haven Division and Connecticut State Police, has successfully recovered over $600,000 in Tether (USDT) stolen through a sophisticated physical letter phishing scam targeting a Ledger hardware wallet user. The recovery was finalized on March 31, 2026, when the U.S. District Court entered a decree of forfeiture transferring the USDT to the U.S. government. The funds are slated to be returned to the victim, identified only as T.M., through the Department of Justice’s asset management process overseen by the Money Laundering and Asset Recovery Section.

The Scam: A Fake Ledger Security Letter

In September 2025, T.M., a resident of Connecticut, received an unsolicited letter at their home address. The letter appeared to come from “Ledger Security and Compliance” and instructed T.M. to complete a mandatory security review of their Ledger hardware wallet. Following the instructions, T.M. navigated to a fake website or scanned a QR code that led to a malicious page designed to capture the wallet’s 24-word recovery seed phrase. Once the seed phrase was entered, the scammers gained full control over the wallet and immediately drained approximately $234,000 in cryptocurrency.

This type of physical mail phishing has been used against Ledger customers since at least 2021. Scammers obtained names and home addresses from a 2020 data breach of Ledger’s customer database, which exposed contact information for many users. Using this data, they crafted professional-looking letters that closely mimic official Ledger communications, complete with logos and regulatory language. Ledger has consistently warned customers that it never sends unsolicited mail requesting seed phrases or security verification.

Blockchain Analysis and Asset Recovery

After the theft, the scammers moved the stolen funds through multiple intermediary wallets in an attempt to obscure the trail, eventually converting the assets into USDT, a stablecoin pegged to the U.S. dollar. However, blockchain’s transparent ledger allowed investigators from the FBI’s New Haven Division to follow the funds using advanced analytics tools. They identified a wallet containing over $600,000 in USDT that was linked to the stolen proceeds.

Civil forfeiture, filed as case 3:26-cv-28 in the District of Connecticut, enabled prosecutors to seize the funds without needing to identify or criminally charge the perpetrators, who are believed to be operating from overseas. Tether’s cooperation in freezing and transferring the seized USDT to government-controlled wallets played a crucial role in completing the recovery. Interim U.S. Attorney David X. Sullivan stated, “Those who steal from innocent people should not expect to keep their ill-gotten gains.” FBI Special Agent in Charge P.J. O’Brien credited the joint effort between federal and state investigators in tracing and securing the funds.

Protecting Yourself from Physical Phishing

This case highlights a growing trend in physical phishing attacks targeting cryptocurrency users. Criminals are using offline methods to combine personal data from breaches with seemingly legitimate communication channels. Ledger users should remember the golden rule: your seed phrase is your private key. Never enter it into any website, app, or form, and never share it with anyone claiming to be from Ledger or any other service. Any request for your seed phrase—whether by email, phone, SMS, or physical letter—is a scam.

If you receive a suspicious letter, contact Ledger official support directly through their verified channels. Report phishing attempts to the FBI’s Internet Crime Complaint Center (IC3) at ic3.gov. The success of this case demonstrates that law enforcement can and will use blockchain analysis to trace and recover stolen assets, but prevention remains the best defense. Users should also consider using a passphrase for their Ledger device and storing seed phrases in a secure, offline location.

This article was originally published by Bit.Fan. For more cryptocurrency news and market insights, visit www.bit.fan.
300

Disclaimer:

The market information, project data, and third-party content displayed on this platform are for industry information sharing only and do not constitute any form of investment advice or return commitment.

Cryptocurrency trading carries high risks. Users should fully assess their risk tolerance and make independent decisions. All profits, losses, and legal responsibilities are borne by the users themselves.