Connecticut Crypto Phishing Victim to Recover Funds
Local media reported that the U.S. Attorney’s Office for the District of Connecticut, working with the FBI’s New Haven Division and Connecticut State Police, filed a civil forfeiture complaint in January 2026 against the seized funds. On March 31, 2026, the U.S. District Court entered a decree of forfeiture transferring the USDT to the United States government.
The victim, identified in court documents only as T.M., received an unsolicited letter at their home address in September 2025. The letter appeared to come from “Ledger Security and Compliance” and instructed the recipient to complete a mandatory security review of their Ledger hardware wallet.
T.M. followed the letter’s instructions, which gave the scammers access to the wallet’s recovery seed phrase and control over the funds. Investigators traced the stolen assets using blockchain analytics. The scammers had moved the funds through multiple intermediary wallets and converted them into USDT, a stablecoin pegged to the U.S. dollar, in an attempt to obscure the trail.
Blockchain records are public, and the transparent transaction history allowed law enforcement agents to follow the funds and identify holdings exceeding $600,000. The forfeiture complaint, filed as case 3:26-cv-28 in the District of Connecticut, alleged the USDT represented proceeds of wire fraud and was connected to money laundering violations.
Civil forfeiture allowed prosecutors to act without identifying or criminally charging the perpetrators, who are believed to be overseas. Interim U.S. Attorney David X. Sullivan stated that criminals should not expect to hold onto stolen proceeds. FBI Special Agent in Charge P.J. O’Brien credited the joint effort between federal and state investigators in tracing and securing the funds.
The recovered USDT will be returned to T.M. through the Department of Justice’s asset management process, overseen by the Money Laundering and Asset Recovery Section. The physical-mail phishing tactic used against T.M. has targeted Ledger customers since at least 2021.
Scammers obtained names and home addresses from Ledger’s 2020 customer database breach and used that information to send professional-looking letters. The letters typically instruct recipients to enter their 24-word recovery phrase on a fake website or scan a QR code that routes to a malicious page.
Ledger has consistently warned customers that it does not send unsolicited mail requesting seed phrases or security verification. Any letter or communication asking for a recovery phrase is a scam.
This case reflects how federal agencies are applying blockchain analysis to recover assets in cryptocurrency fraud cases. Tether‘s cooperation in freezing and transferring seized USDT to government-controlled wallets played a role in completing the recovery.
FAQ 🔎
- What was the Ledger phishing scam in Connecticut? A scammer mailed a fake “Ledger Security and Compliance” letter to a Connecticut resident, tricking them into surrendering their wallet’s recovery phrase and losing approximately $234,000 in cryptocurrency.
- How did the FBI recover the stolen tether? Agents used blockchain analytics to trace the stolen funds through multiple wallets, locating over $600,000 in USDT the scammers had converted the assets into.
- What is civil forfeiture in a cryptocurrency case? Civil forfeiture lets federal prosecutors seize assets tied to criminal activity without a criminal conviction, which is useful when suspects are unidentified or located overseas.
- How can Ledger users protect themselves from mail phishing? Ledger never sends unsolicited letters requesting seed phrases or security verification, so any such letter should be treated as a scam and reported to the FBI at ic3.gov.
Leave feedback about this