A recent surge in phishing attempts has emerged, specifically targeting users of Ledger and Trezor hardware wallets. Authorities have reported that scammers are shifting tactics by sending physical letters to users” homes, masquerading as communications from these companies.
The letters are designed to create a sense of urgency, claiming that recipients must complete authentication or transaction checks to maintain access to their wallets. This deceptive pressure encourages victims to scan QR codes included in the correspondence, which redirect them to malicious websites.
Users have confirmed receiving these fraudulent letters, which are printed on official-looking letterhead and purport to come from the security and compliance teams of Ledger and Trezor. The exact method by which these users are identified remains unclear, but both companies have experienced data breaches in the past, leading to the exposure of sensitive user information.
In a letter targeting Trezor users, cybersecurity expert Dmitry Smilyanets noted that the scammers asserted that authentication checks would be compulsory starting February 15. Users were urged to scan the QR code to avoid losing functionality on their devices. The letter falsely claimed that even if users had already received notifications on their devices, they were still required to complete the process to synchronize with the full functionality of the Authentication Check.
Similarly, a letter directed at Ledger users circulated on social media, warning of mandatory transaction checks with the same deadline. Scanning the QR codes leads victims to phishing sites that mimic official Trezor and Ledger domains. Currently, the phishing site for Ledger is offline; however, the Trezor site remains active, albeit flagged as a phishing destination.
Before it was flagged, the Trezor site issued warnings that users needed to complete the authentication process by February 15 to ensure their safety. Users who purchased newer models like the Trezor Safe 7 were incorrectly informed that they needed to complete these checks, creating further urgency to proceed to the next steps without hesitation.
If victims follow through, they are prompted to enter their recovery phrases under the pretense of verifying device ownership. This information is then transmitted to scammers, giving them full control over the victims” wallets and funds. Both Trezor and Ledger have consistently warned users to never disclose their recovery phrases, emphasizing that they would never request such sensitive information.
As phishing attacks continue to evolve, users of hardware wallets must remain vigilant and skeptical of unsolicited communications, especially those that create a false sense of urgency.
