A new phishing scheme aimed at cryptocurrency hardware wallet users has surfaced, raising alarms within the crypto community. This fraudulent campaign involves scammers sending physical letters that closely resemble official communications from Trezor and Ledger. The letters instruct users to visit counterfeit websites under the guise of completing an “Identity Verification” or “Transaction Verification” process to maintain access to their wallets.
These deceptive letters impose urgent deadlines, pressuring users to act quickly. They often include QR codes that lead to phishing sites mimicking the authentic installation pages of Trezor and Ledger. In a notable instance, a fraudulent email purportedly from Trezor, shared by cybersecurity expert Dmitry Smilyanets, warned that failure to complete the authentication process by February 15, 2026, would restrict device functionality. Similarly, a fake email from Ledger stated that “Transaction Verification” must be completed by October 15, 2025.
While the fraudulent Ledger domain linked via QR codes has since been removed, reports indicate that the Trezor-themed phishing site remained accessible for a time before being identified as malicious. Users who fall victim to this scam are directed to input their 12-, 20-, or 24-word recovery phrases, with the site claiming that this information is essential for verifying device ownership. However, this sensitive data is transmitted directly to the attackers through an API, enabling them to hijack the victims’ wallets and seize their cryptocurrency assets.
It remains unclear how the scammers selected their targets, but both Trezor and Ledger have suffered data breaches in recent years that exposed customer contact information. This raises concerns that physical addresses may have been compromised. While phishing attacks via traditional mail are not commonplace, they are not without precedent. In 2021, there were reports of attackers distributing modified Ledger devices designed to capture recovery phrases during setup, and a similar campaign targeting Ledger users surfaced in April.
It is crucial for users of hardware wallets to recognize the significance of their seed phrases, which function as the digital equivalent of private keys, granting full access to their cryptocurrency holdings. Both Trezor and Ledger emphasize that users should never enter recovery phrases on websites, scan QR codes, or disclose them online. Recovery phrases should only be utilized directly on the hardware device in a secure, offline environment.
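Because neither vendor ever asks for a recovery phrase on a website, a page that pairs seed-phrase wording with a 12-, 20-, or 24-field entry form can be flagged on content alone. The sketch below is an added example, not code from Trezor, Ledger or the original report; the function and class names, the lure wording in the regex and both sample pages are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

PHRASE_LENGTHS = {12, 20, 24}  # word counts the phishing pages ask for
# Assumed lure wording; tune to what your web proxy or mail gateway sees.
LURE = re.compile(r"(recovery|seed)\s+(phrase|seed|words?)|mnemonic", re.I)
TEXT_TYPES = {"", "text", "password", "search"}

class SeedFormScanner(HTMLParser):
    """Counts free-text inputs and textareas and collects visible text."""
    def __init__(self):
        super().__init__()
        self.word_inputs = 0
        self.textareas = 0
        self.text = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() in TEXT_TYPES:
            self.word_inputs += 1
        elif tag == "textarea":
            self.textareas += 1
        for key in ("placeholder", "aria-label", "title"):
            if a.get(key):  # lure wording often hides in attributes
                self.text.append(a[key])

    def handle_data(self, data):
        self.text.append(data)

def solicits_recovery_phrase(html):
    """Return (flagged, reasons) for one page of HTML."""
    scanner = SeedFormScanner()
    scanner.feed(html)
    reasons = []
    lure = LURE.search(" ".join(scanner.text))
    if lure:
        reasons.append(f"wording: {lure.group(0).lower()!r}")
    if scanner.word_inputs in PHRASE_LENGTHS:
        reasons.append(f"{scanner.word_inputs} one-word input fields")
    elif lure and scanner.textareas:
        reasons.append("free-text area next to seed wording")
    # Wording alone is a help article; wording plus an entry form is a flag.
    return bool(lure) and len(reasons) > 1, reasons

# Constructed samples, not captured from the real campaign.
PHISH = ("<h1>Identity Verification</h1><p>Enter your recovery phrase</p>"
         + "".join(f'<input type="text" name="w{i}">' for i in range(24)))
HELP = "<p>Never type your recovery phrase into a website.</p><input type='search'>"
```

The heuristic deliberately ignores the hostname: any hit is worth an analyst's look, since the legitimate flow happens on the device rather than in a browser.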
This recent development serves as a stark reminder of the importance of vigilance and security in the ever-evolving landscape of cryptocurrency and blockchain technology.