Crypto hackers are sending physical letters impersonating Trezor and Ledger to steal cryptocurrency wallet recovery phrases.
Summary
- Hackers mail fake Trezor and Ledger letters with phishing QR codes.
- Websites request recovery phrases and grant attackers full wallet control.
- Hardware wallet companies never ask users to share seed phrases.
The phishing campaign claims recipients must complete mandatory “Authentication Check” or “Transaction Check” procedures.
The hackers are also creating urgency through deadlines of February 15, 2026 for Trezor. Letters printed on official-looking letterhead direct users to scan QR codes leading to malicious websites.
The phishing sites request 24-, 20-, or 12-word recovery phrases under the pretense of verifying device ownership.
Once entered, recovery phrases are transmitted to threat actors through backend API endpoints, granting attackers full control over victims’ wallets and funds.
Both hardware wallet companies suffered data breaches recently that exposed customer contact information.
Phishing sites create urgency through functionality warnings
Cybersecurity expert Dmitry Smilyanets received a fake Trezor letter warning that failure to complete authentication would result in lost device functionality.
“To avoid any disruption to your Trezor Suite access, please scan the QR code with your mobile device and follow the instructions on our website,” the letter stated.
The Trezor phishing website displays warnings about limited access, transaction signing errors, and disruption with future updates.
A similar Ledger-themed letter circulated on X, claiming Transaction Check would become mandatory.
The phishing pages allow users to enter recovery phrases in multiple formats, falsely claiming the information verifies device ownership and enables authentication features.
Once victims enter recovery phrases, the data is transmitted to the phishing website. Attackers import the wallet onto their own devices and drain funds.
The letters create false urgency by claiming devices purchased after November 30, 2025 come pre-configured, pressuring earlier buyers to act.
Crypto hardware wallet companies never request recovery phrases
Physical mail phishing campaigns targeting hardware wallet users remain relatively uncommon. Crypto hackers mailed modified Ledger devices in 2021 designed to steal recovery phrases during setup. A similar postal campaign targeting Ledger users was reported in April.
Anyone possessing a wallet’s recovery phrase gains full control over the wallet and all funds. Trezor and Ledger never ask users to enter, scan, upload, or share recovery phrases through any channel.
Recovery phrases should only be entered directly on hardware wallet devices when restoring wallets, never on computers, mobile devices, or websites.
The targeting criteria for the physical letters remain unclear. However, both companies’ past data breaches exposed customer mailing addresses and phone information to potential attackers.


