Fake Trezor, Ledger Letters Target Crypto Wallet Users

Listen to the article

0:00

Users of crypto hardware wallets Ledger and Trezor are again reporting receiving physical letters aimed at stealing their seed recovery phrases — the latest attack on users exposed across numerous data leaks over the past six years.

Cybersecurity expert Dmitry Smilyanets was one of the first to report receiving a spurious letter from Trezor on Feb. 13, which demands users perform an “Authentication Check” by Feb. 15 or risk having their device restricted.

Smilyanets said the scam includes a hologram along with a QR code that takes users to a scam website. The letter is made to appear signed by Matěj Žák, who is described as the “Ledger CEO” (the real Matěj Žák is the CEO of Trezor).

A Ledger user reported receiving a similar letter last year in October, with the letter claiming recipients must complete mandatory “Transaction Check” procedures.

Fake letter sent to Trezor customers. Source: Dmitry Smilyanets

Scanning a malicious QR code for “mandatory” checks

The QR code reportedly takes the victim to a malicious website made to look like Ledger and Trezor setup pages, tricking users into entering their wallet recovery phrases.

Once entered, the recovery phrase is transmitted to the threat actor through a backend API, enabling them to import the victim’s wallet onto their own device and steal funds from it.

Related: Phishing scammers spoof Ledger’s email to send bogus data breach notice

Legitimate hardware wallet companies never ask users to share their recovery phrases through any method, including website, email, or snail mail.

Not the first time letters have been sent

Ledger and its third-party partners have suffered multiple large-scale data breaches over the past few years, resulting in leaks of customer data, including physical addresses used for postal purposes, and physical threats.

Meanwhile, Trezor flagged a security breach that exposed the contact information of nearly 66,000 customers in January 2024.

In 2021, scammers mailed counterfeit Ledger Nano hardware wallets to victims of the 2020 Ledger data breach.

Physical letters prompting victims to scan QR codes were sent in April 2025, while in May, hackers used fake Ledger Live apps to steal seed phrases and drain crypto from victims.

Ledger alerted users to the physical mail phishing scam on its website in October.

Magazine: Coinbase misses Q4 earnings, Ethereum eyes ‘V-shaped recovery’: Hodler’s Digest

Trending

Keep Calm and Adapt

Dollar bearish positioning hits highest since 2012.

Bitcoin Sentiment Hits Lows Amid Oversold Signals

Listen to the article

Fact Checker

Get Your Fact Check Report

Dollar bearish positioning hits highest since 2012.

Bitcoin Sentiment Hits Lows Amid Oversold Signals

Kraken Backs ‘Trump Accounts’ for Wyoming Newborns

Kraken Will Sponsor Trump Accounts For All Wyoming Babies Born In 2026

Bitcoin’s Long-Term Holders Show Signs of Strain After February Sell-Off

Philippines’ Digital Bank Maya Looks to US Market for Up to $1B IPO

Dollar bearish positioning hits highest since 2012.

Bitcoin Sentiment Hits Lows Amid Oversold Signals

Kraken Backs ‘Trump Accounts’ for Wyoming Newborns

Kraken Will Sponsor Trump Accounts For All Wyoming Babies Born In 2026

Bitcoin’s Long-Term Holders Show Signs of Strain After February Sell-Off

Philippines’ Digital Bank Maya Looks to US Market for Up to $1B IPO

Latest News

Keep Calm and Adapt

Dollar bearish positioning hits highest since 2012.

Bitcoin Sentiment Hits Lows Amid Oversold Signals

Trending

Fake Trezor, Ledger Letters Target Crypto Wallet Users

Listen to the article

Key Takeaways

Playback Speed

Select a Voice

Scanning a malicious QR code for “mandatory” checks

Not the first time letters have been sent

Fact Checker

Get Your Fact Check Report

Continue with Full Access

Related Articles

Subscribe to Updates

Cookies

Manage Cookies

Your permission applies to the following domains: