All Posts
Security

Ledger Users Just Got a Letter About Quantum Computers. It Was a Phishing Scam — and a QR Code Was the Hook.

June 14, 20267 min read

On June 5, 2026, Ledger publicly confirmed that a new physical mail phishing scam was circulating among its users. The campaign first surfaced when a holder posting as @akh1l_sol shared photos of a letter he had received and tagged the on-chain investigator ZachXBT, asking whether the targeting had come "from the latest data leak." Within about an hour, Ledger's official account responded: ignore it, it's a scam. The letter was a near-perfect forgery of official Ledger correspondence — right letterhead, right tone, a reference number in the top corner — and it demanded that the recipient complete a "Post-Quantum Cryptography Security Update" by June 26, 2026, or face losing access to their wallet.

The text is worth reading closely, because the craftsmanship is the point. It opens with "At Ledger, securing your digital assets is our highest priority" and introduces the update as "a critical security upgrade designed to protect your assets against threats from quantum computing." It warns that "powerful quantum computers could brute-force your private keys in seconds, but our quantum-resistant algorithms keep them protected." It names six specific device models that supposedly require the update — the Nano Gen5, Flex, Stax, Nano S Plus, Nano S, and Nano X — which is a detail a careless scammer would not bother with and a careful one includes precisely to make the letter feel like it came from a system that knows what you own. Then it instructs the recipient to "scan the QR code below with your mobile device" to "ensure uninterrupted access to your Ledger Wallet," notes that the code "has been uniquely generated for you based on the reference number," and tells you not to share it. A June 26 deadline supplies the urgency, with threats of lost access, partial loss of Clear Signing, and "limited functionality with future releases" for anyone who ignores it.

The most important thing about this scam is what it does not do: it does not ask for your 24-word recovery phrase. That omission is a tactical evolution, and it is the part every Bitcoin holder should sit with. The crypto industry has spent years drilling one rule into self-custodians — never give anyone your seed phrase — and that training now works well enough that a letter baldly asking for twelve or twenty-four words gets recognized and reported. So the attack moved one step back in the chain. Instead of requesting the secret, it routes you through a QR code to a fraudulent site, where the credential theft happens inside what looks like a routine "firmware update" or "device synchronization" flow. The seed-phrase request still comes — earlier versions of this exact campaign, documented in February, ended on a page that accepted 12-, 20-, or 24-word phrases and POSTed them straight to the attacker's backend — but it arrives dressed as the last step of a security upgrade rather than as a naked demand. The rule users were taught ("don't share your seed") never fires, because at no point does the experience feel like sharing a seed. It feels like compliance.

The quantum framing is not random, and it is not stupid. It is the most current, most plausible cover story available in June 2026. Post-quantum cryptography has been a real and prominent topic all year: Google Quantum AI's March research paper compressed the consensus timeline for a cryptographically relevant quantum computer, Ripple published a multi-phase post-quantum roadmap for its ledger, and Bitcoin's own developers have been openly debating BIP-360 and BIP-361, a migration proposal that would eventually freeze coins in quantum-vulnerable addresses. A holder who has been reading those headlines — and the headlines have been everywhere — will find a letter from their hardware wallet maker about a "quantum-resistant update" entirely believable. The scam is well-targeted in time precisely because the legitimate conversation it imitates is real. The most effective phishing always borrows the credibility of a true story.

The targeting itself traces back to a wound that has not healed in five years. In July 2020, Ledger suffered an e-commerce data breach that exposed the names, postal addresses, phone numbers, and ordered products of more than 270,000 customers — data that was subsequently dumped publicly. Ledger acknowledged in its response that the recipient's address may have come from any of several crypto-related breaches, but the 2020 leak remains the most likely source, and it has fed a continuous stream of physical and digital phishing for half a decade. The methodology keeps evolving against the same victim list: 2025 saw letters with seed-phrase requests printed on enclosed scratch cards; February 2026 saw "Authentication Check" and "Transaction Check" letters with hard deadlines; June 2026 brings the quantum framing and the QR-routing refinement. The list of who to target is fixed. The story told to that list is whatever is most believable this quarter.

Here is the structural fact under all of it, and it is the one this publication keeps returning to because it does not change with the cover story. The scam works — any version of it works — because somewhere reachable by you, in a drawer or a safe or on a steel plate or in your memory, there exists one complete copy of the secret that controls your coins. The entire attack is a machine for getting that one complete copy out of one person in one session. The quantum letter, the QR code, the fake firmware page, the deadline: all of it is social engineering aimed at a single point of total failure. The day you type a complete recovery phrase into a convincing website is the day it is over, and it is over in the time it takes the attacker to import the phrase onto their own device. There is no second factor, no clawback, no fraud department. The completeness of the secret in one place is the vulnerability, and every phishing campaign in the history of self-custody has been an attempt to reach it.

It is worth being honest about what threshold custody does and does not do against this, because overclaiming here would be its own kind of dishonesty. Splitting your seed phrase with Shamir's Secret Sharing does not stop the letter from arriving in your mailbox. It does not make you immune to social engineering in general, and it does not protect a hot wallet or an exchange balance or a phrase you have already typed into a website. What it changes is the thing the entire scam depends on: it removes the single complete copy that one scan can swallow. When your encrypted seed is split into a threshold of QR-encoded shares — say 3-of-5 — held in separate locations and by separate people, there is no one place a phishing site can drain, because the complete secret does not exist in any one place to begin with. A fraudulent page that captured the contents of a single share would hold something that is, mathematically, nothing: below the threshold, Shamir's scheme reveals no information at all about the secret, not statistically and not computationally but information-theoretically. There is nothing to extract and nothing to brute-force, quantum computer or not.

There is a sharper irony worth naming, because it sits at the center of how seQRets works. The scam weaponizes a QR code — turns a thing you scan into the delivery mechanism for total loss. seQRets uses QR codes for exactly the opposite purpose: each one encodes a single share, offline, that on its own discloses nothing and can be photographed, mailed, or stored in the open without risk. The difference is not the QR code. It is whether scanning one hands over everything or hands over a fragment that is useless alone. One model concentrates the secret into a single moment of exposure; the other distributes it so that no single moment — and no single scan, letter, site, or panicked Sunday-night decision — can complete the theft. Reconstruction in the threshold model is a deliberate, multi-party act that cannot be performed by one rushed person following the instructions on a piece of mail. That friction is not a flaw. Against a deadline-driven phishing letter, the friction is the entire defense.

None of this requires believing the quantum threat is fake — it is not — or that hardware wallets are broken — they are not. Ledger's own statement was correct on the substance: its devices keep keys secure regardless of external incidents, and "the scam targets users, not devices." That is exactly the point. The attack surface that keeps getting exploited is not the cryptography of the wallet; it is the human holding a single complete secret, under a manufactured deadline, in a mailbox full of forgeries built from a breach they cannot undo. You cannot un-leak the 2020 list, and you cannot out-vigilance every future letter that learns from the last one. What you can change is the architecture — so that the worst a perfect forgery can do is waste your afternoon, instead of ending your custody in a single scan.

seQRets is built for that layer and only that layer. Your encrypted seed phrase, split into QR-encoded threshold shares, distributed across the locations and people you choose — no servers, no accounts, no single copy sitting in a drawer waiting for the most convincing letter you will ever receive. It will not stop the mail from coming. It changes what the mail can take.