Scammers use pretend postal letters and QR codes to trick Trezor and Ledger customers into revealing pockets seed phrases.
Crypto phishing assaults are not restricted to emails and pretend adverts. Criminals at the moment are sending bodily letters to {hardware} pockets customers. Mail seems official and urges fast motion, aiming to trick individuals into making a gift of their restoration phrases and steal their funds.
Trezor and Ledger Customers Warned Over QR Code Phishing Letters
Risk actors are sending letters to customers impersonating Trezor and Ledger, two main {hardware} pockets producers. Letters declare customers should full a required “Authentication Test” or “Transaction Test.” They warn that failing to take action might trigger pockets entry issues. Every letter features a QR code that leads recipients to phishing web sites.
Experiences present that letters look official and use the corporate’s logos and branding. In the meantime, each corporations suffered previous knowledge breaches that uncovered buyer contact particulars. Stolen mailing info might have enabled marketing campaign attain.
Cybersecurity skilled Dmitry Smilyanets shared one among these pretend letters in an X put up. In that case, scammers impersonated Trezor and advised customers to finish an authentication examine by February 15, 2026. Non-compliance supposedly meant disrupted entry to Trezor Suite.
Furthermore, the letter advised customers to scan a QR code with their cellphone and observe directions on a web site. It added stress by saying motion was required, even when the function was already activated. The scammers’ purpose was to make individuals act rapidly with out considering.
An analogous letter was focused at Ledger customers. It claimed a compulsory “Transaction Test” was coming quickly. With the deadline set for October 15, 2025, the message warned that ignoring it might trigger transaction issues.
Scanning QR codes led to pretend web sites that seemed like official Trezor or Ledger pages. The ledger-related web site later went offline, whereas the pretend Trezor web site stayed on-line however was recognized as phishing by Cloudflare.
The pretend Trezor web page displayed a warning banner, urging customers to finish authentication by February 15, 2026. An exception for sure newer Trezor Secure fashions bought after November 30, 2025, was added on the web page. The declare urged these units had been preconfigured.
Additional, the ultimate web page requested customers to enter their pockets restoration phrase. The shape allowed 12, 20, or 24 phrases. To verify possession, the positioning required a phrase to activate authentication. In actuality, coming into it could give scammers full entry to the pockets.
Seed Phrase Security in Focus as Offline Crypto Scams Rise
Bodily phishing stays much less frequent than e mail scams. Nonetheless, postal campaigns have appeared earlier than. In 2021, criminals mailed modified Ledger units designed to seize restoration phrases throughout setup. One other wave of postal phishing focusing on Ledger customers surfaced in April.
{Hardware} pockets suppliers repeatedly warn clients by no means to share restoration phrases. No official replace or safety examine requires coming into a seed phrase on-line. Firms don’t request such knowledge by mail, e mail, or cellphone.
In the meantime, the rising sophistication of scams indicators ongoing danger for crypto holders. Offline ways might seem extra credible to some customers as printed letters can really feel official and pressing.
As such, customers ought to confirm any safety notices instantly via official web sites. Typing identified internet addresses manually is safer than scanning unknown QR codes. Suspicious letters must be reported to pockets suppliers and cybersecurity authorities instantly.