Customers of crypto {hardware} wallets Ledger and Trezor are once more reporting receiving bodily letters aimed toward stealing their seed restoration phrases — the most recent assault on customers uncovered throughout quite a few information leaks over the previous six years.
Cybersecurity skilled Dmitry Smilyanets was one of many first to report receiving a spurious letter from Trezor on Feb. 13, which calls for customers carry out an “Authentication Examine” by Feb. 15 or threat having their system restricted.
Smilyanets stated the rip-off features a hologram together with a QR code that takes customers to a rip-off web site. The letter is made to seem signed by Matěj Žák, who’s described because the “Ledger CEO” (the actual Matěj Žák is the CEO of Trezor).
A Ledger person reported receiving an analogous letter final 12 months in October, with the letter claiming recipients should full necessary “Transaction Examine” procedures.
Scanning a malicious QR code for “necessary” checks
The QR code reportedly takes the sufferer to a malicious web site made to seem like Ledger and Trezor setup pages, tricking customers into getting into their pockets restoration phrases.
As soon as entered, the restoration phrase is transmitted to the risk actor by a backend API, enabling them to import the sufferer’s pockets onto their very own system and steal funds from it.
Associated: Phishing scammers spoof Ledger’s e mail to ship bogus information breach discover
Legit {hardware} pockets firms by no means ask customers to share their restoration phrases by any technique, together with web site, e mail, or snail mail.
Not the primary time letters have been despatched
Ledger and its third-party companions have suffered a number of large-scale information breaches over the previous few years, leading to leaks of buyer information, together with bodily addresses used for postal functions, and bodily threats.
In the meantime, Trezor flagged a safety breach that uncovered the contact data of almost 66,000 clients in January 2024.
In 2021, scammers mailed counterfeit Ledger Nano {hardware} wallets to victims of the 2020 Ledger information breach.
Bodily letters prompting victims to scan QR codes have been despatched in April 2025, whereas in Might, hackers used pretend Ledger Stay apps to steal seed phrases and drain crypto from victims.
Ledger alerted customers to the bodily mail phishing rip-off on its web site in October.
Journal: Coinbase misses This fall earnings, Ethereum eyes ‘V-shaped restoration’: Hodler’s Digest