Crypto Fraud: FBI Recovers $600K In Tether After Ledger…
The U.S. Attorney’s Office for the District of Connecticut has recovered and secured the forfeiture of more than $600,000 in cryptocurrency linked to a fraud scheme that targeted the owner of a Ledger hardware wallet through a fake security letter. According to the Department of Justice, the assets were traced and seized following an FBI investigation into the theft of approximately $234,000 in cryptocurrency from a Connecticut resident.
The forfeiture order, entered by the U.S. District Court on March 31, 2026, concludes a civil action brought by federal prosecutors, who alleged the seized Tether represented proceeds of wire fraud and property involved in money laundering. Authorities said they intend to work through the Department of Justice’s forfeiture process to return the recovered assets to victims where possible.
The case highlights the growing sophistication of cryptocurrency phishing operations, where attackers increasingly target hardware wallet users by impersonating trusted wallet providers in an attempt to obtain recovery credentials and gain control of digital assets.
Fake Ledger Security Letter Triggered The Theft
According to court documents cited by the Department of Justice, the fraud began in September 2025 when a Connecticut resident identified only as “T.M.” received a letter that appeared to come from “Ledger Security & Compliance.”
The letter claimed that the recipient’s Ledger hardware wallet required a mandatory security verification and instructed the victim to complete a series of steps to protect the device.
Rather than improving security, the instructions enabled fraudsters to compromise the wallet and steal approximately $234,000 worth of cryptocurrency.
Hardware wallets such as those manufactured by Ledger are designed to keep private keys offline, making them among the most secure methods for storing digital assets. However, security can be bypassed when users are persuaded to reveal recovery phrases or approve malicious transactions through carefully crafted social engineering attacks.
Investigators Followed The Money Across Multiple Wallets
Following the theft, investigators from the FBI and the Connecticut State Police traced the movement of the stolen cryptocurrency through multiple blockchain wallets.
The investigation ultimately led authorities to seize approximately $600,000 worth of Tether, significantly more than the value originally reported stolen from the identified victim. The Department of Justice has not explained whether the additional assets relate to appreciation in value, multiple victims or other proceeds connected to the alleged fraud scheme.
Federal prosecutors subsequently filed a civil forfeiture complaint in the U.S. District Court for the District of Connecticut, alleging the cryptocurrency represented proceeds of wire fraud and property involved in money laundering.
On March 31, 2026, the court entered a final decree of forfeiture, allowing the U.S. government to take legal ownership of the assets.
Forfeiture Is Often The First Step Toward Victim Compensation
While criminal prosecutions frequently attract the most attention, civil forfeiture proceedings have become an increasingly important tool for recovering digital assets obtained through fraud.
The Department of Justice explained that prosecutors generally seek forfeiture of seized cryptocurrency before working with the Department’s Money Laundering and Asset Recovery Section to return assets to victims. Completing the forfeiture process provides victims with clear legal title to recovered property while reducing the risk of future ownership disputes.
The approach has become more common as federal agencies improve their ability to trace blockchain transactions across multiple wallets, exchanges and stablecoins.
Unlike early cryptocurrency investigations, where stolen funds often disappeared into anonymous wallets, blockchain analytics and increased cooperation with digital asset service providers have significantly improved law enforcement’s ability to identify, freeze and recover illicit funds.
Ledger Impersonation Scams Continue To Target Crypto Investors
The Connecticut case follows a familiar pattern seen across the cryptocurrency industry.
Rather than exploiting weaknesses in blockchain technology itself, attackers increasingly target users through phishing emails, fake websites, fraudulent software updates and counterfeit security notifications that appear to come from legitimate wallet providers.
Ledger users have been frequent targets of such campaigns in recent years, particularly following previous customer data breaches that exposed names, email addresses and physical mailing addresses. Criminal groups have used that information to send convincing letters, emails and text messages urging recipients to perform urgent security updates or migrate their wallets.
Ledger has repeatedly warned customers that it never requests recovery phrases, private keys or seed words and that users should ignore unsolicited communications claiming immediate action is required to secure their wallets.
Hardware wallets remain one of the safest methods of storing cryptocurrency, but their security depends on users maintaining exclusive control of recovery credentials. Once those credentials are disclosed, attackers can recreate wallets and transfer assets without needing physical access to the device.
Law Enforcement Continues To Expand Crypto Asset Recovery
Federal authorities have increasingly focused on tracing and recovering digital assets linked to fraud, ransomware, investment scams and money laundering.
Advances in blockchain analytics, together with growing cooperation between law enforcement agencies, stablecoin issuers and cryptocurrency exchanges, have made it significantly easier to identify suspicious transactions and freeze assets before they disappear through complex laundering networks.
The Connecticut investigation demonstrates how those capabilities continue to evolve. Although the victim’s cryptocurrency had already been transferred across multiple wallets, investigators were able to trace the transactions, identify assets connected to the alleged fraud and secure a court order forfeiting more than $600,000 in Tether.
The investigation was conducted by the FBI’s New Haven Division in partnership with the Connecticut State Police and prosecuted by Assistant U.S. Attorney David C. Nelson.