In brief
- The U.S. Attorney’s Office for Connecticut has recovered more than $600,000 in cryptocurrency from a fraud scheme.
- The fraud targeted a Ledger hardware wallet user with a phishing letter directing them to perform a security check, stealing $234,000 in crypto.
- The case is the latest phishing attempt targeting crypto users following data breaches at hardware wallet manufacturers.
The U.S. Attorney’s Office for the District of Connecticut has recovered and forfeited over $600,000 worth of cryptocurrency from a fraud scheme, the latest in a series of successful digital asset seizures by federal law enforcement.
According to a Department of Justice press release, the seizure took place after a Ledger hardware wallet user was targeted by a phishing scam in September 2025.
U.S. Attorney’s Office Recovers and Forfeits More Than $600K in Cryptocurrency from Fraud Scheme @FBINewHaven @CT_STATE_POLICE https://t.co/3cMhBRzz8k
— U.S. Attorney CT (@USAO_CT) April 1, 2026
The user, a Connecticut resident, received a letter purporting to be from “Ledger Security & Compliance,” instructing them to perform a mandatory security check. In fact, following the instructions in the letter enabled the fraudsters to compromise the user’s hardware wallet, making off with $234,000 in cryptocurrency.
The FBI and state police traced the flow of funds, enabling them to seize some $600,000 in the $USDT stablecoin which was subject to a civil forfeiture complaint alleging that it was the proceeds of wire fraud and money laundering.
Decrypt reached out to Ledger for comment on the case but did not immediately receive a response.
This is the latest in a series of phishing incidents targeting crypto hardware wallet users, with a modus operandi similar to that seen in a recently identified campaign leveraging fake postal letters. In that case, physical letters were sent to Trezor and Ledger owners that included company logos and holograms, alongside a QR code directing victims to the phishing site.
At the time, cybercrime consultant David Sehyeon Baek told Decrypt that scammers’ shift from digital to physical mail “borrows credibility” from the postal system. “A letter with your name and home address basically signals, ‘we can locate you,’ and that triggers a much stronger safety reaction,” he explained.
The campaign follows years of data breaches at hardware wallet manufacturers, including a 2020 e-commerce breach at Ledger exposing over one million emails and a January 2026 breach at its e-commerce partner affecting order data.
Rival hardware wallet manufacturer Trezor has likewise had consumer data exposed through incidents such as the 2022 MailChimp insider exploit and a later third-party support portal breach affecting roughly 66,000 users, triggering ongoing phishing campaigns. Decrypt has reached out to Ledger for comment and will update this article should they respond.
Federal and international authorities have seized substantial cryptocurrency amounts in recent months. The Feds sought forfeiture of $200,000 in $USDT tied to a Tinder “pig butchering” scam, while Florida seized $1.5 million in Dogecoin, Pepe, and Solana tokens in a case involving a Chinese national.