The U.S. Attorney’s Office for the District of Connecticut filed a civil forfeiture complaint in January 2026 against the seized funds. On March 31, 2026, the U.S. District Court entered a decree of forfeiture transferring the USDT to the United States government. The victim, identified in court documents only as T.M., received an unsolicited letter in September 2025 from Ledger Security and Compliance instructing the recipient to complete a mandatory security review of their Ledger hardware wallet.
T.M. followed the letter’s instructions, which gave the scammers access to the wallet’s recovery seed phrase and control over the funds. Investigators traced the stolen assets using blockchain analytics, and the scammers moved the funds through multiple intermediary wallets and converted them into USDT in an attempt to obscure the trail. The forfeiture complaint alleged the USDT represented proceeds of wire fraud and was connected to money laundering violations.
The recovered USDT will be returned to T.M. through the Department of Justice’s asset management process. The physical-mail phishing tactic used against T.M. has targeted Ledger customers since at least 2021. Scammers obtained names and home addresses from Ledger’s 2020 customer database breach and used that information to send professional-looking letters. The letters typically instruct recipients to enter their 24-word recovery phrase on a fake website or scan a QR code that routes to a malicious page.
Leave a Reply