Customers of crypto {hardware} wallets Ledger and Trezor are once more reporting receiving bodily letters aimed toward stealing their seed restoration phrases — the newest assault on customers uncovered throughout quite a few knowledge leaks over the previous six years.
Cybersecurity professional Dmitry Smilyanets was one of many first to report receiving a spurious letter from Trezor on Feb. 13, which calls for customers carry out an “Authentication Test” by Feb. 15 or threat having their machine restricted.
Smilyanets mentioned the rip-off features a hologram together with a QR code that takes customers to a rip-off web site. The letter is made to seem signed by Matěj Žák, who’s described because the “Ledger CEO” (the actual Matěj Žák is the CEO of Trezor).
A Ledger person reported receiving the same letter final yr in October, with the letter claiming recipients should full obligatory “Transaction Test” procedures.
Scanning a malicious QR code for “obligatory” checks
The QR code reportedly takes the sufferer to a malicious web site made to appear to be Ledger and Trezor setup pages, tricking customers into coming into their pockets restoration phrases.
As soon as entered, the restoration phrase is transmitted to the risk actor by a backend API, enabling them to import the sufferer’s pockets onto their very own machine and steal funds from it.
Associated: Phishing scammers spoof Ledger’s e-mail to ship bogus knowledge breach discover
Reliable {hardware} pockets corporations by no means ask customers to share their restoration phrases by any technique, together with web site, e-mail, or snail mail.
Not the primary time letters have been despatched
Ledger and its third-party companions have suffered a number of large-scale knowledge breaches over the previous few years, leading to leaks of buyer knowledge, together with bodily addresses used for postal functions, and bodily threats.
In the meantime, Trezor flagged a safety breach that uncovered the contact data of almost 66,000 prospects in January 2024.
In 2021, scammers mailed counterfeit Ledger Nano {hardware} wallets to victims of the 2020 Ledger knowledge breach.
Bodily letters prompting victims to scan QR codes have been despatched in April 2025, whereas in Might, hackers used faux Ledger Reside apps to steal seed phrases and drain crypto from victims.
Ledger alerted customers to the bodily mail phishing rip-off on its web site in October.
Journal: Coinbase misses This autumn earnings, Ethereum eyes ‘V-shaped restoration’: Hodler’s Digest
