Crypto Phishers Target Trezor and Ledger Users via Snail Mail

Scammers are using data leaks from years ago to find out where crypto users live. They are sending professional-looking letters that claim you need to perform a "mandatory security check" or an "authentication update."

These letters often look very official, complete with company logos and even fake holograms. One recent letter was "signed" by the CEO of Trezor, but it mistakenly called him the CEO of Ledger. These small mistakes are often the only clue that the letter is a total fake. 

[Image: fake Trezor phishing letter with QR code, sent by mail. Source: Dmitry Smilyanets]

Scanning a Malicious QR Code for “Mandatory” Checks

The hook of this scam is a QR code that directs users to an advanced clone of the official Ledger or Trezor setup pages. These sites prompt the user to enter their 12- or 24-word recovery phrase under the guise of a security update or compliance check.

The moment a user types these words, the phrase is sent directly to the attacker’s API. Because the recovery phrase is the "master key" to the blockchain, the scammer can instantly recreate the wallet on their own device and drain every cent. It is a stark reminder: your recovery phrase should never be entered into any website, app, or digital form.

No Slowdown in Crypto Scams During Bear Markets

One might assume that scammers lose interest when the market cools down, but experts suggest the opposite. Deddy Lavid, CEO of Cyvers, notes that while high-level technical hacks might fluctuate, social engineering thrives on anxiety. In a bear market, investors are often more protective of their remaining assets, making them "more reactive and susceptible to fear-based tactics" like fake compliance warnings. Scammers don't stop; they simply pivot to exploit the psychological state of the community.

Not the First Time Letters Have Been Sent

This isn't a new phenomenon, but rather a persistent ghost of past security failures. Ledger’s massive 2020 data breach and Trezor’s 2024 contact info leak (affecting 66,000 customers) provided a roadmap for these criminals.

History shows how far these actors will go: in 2021, some victims even received counterfeit hardware wallets in the mail, designed to look like brand-new replacements. Whether it's fake apps, physical mail, or tampered devices, the goal remains the same. If you receive a physical letter regarding your crypto, the safest place for it is the paper shredder.

How to Protect Yourself from Crypto Scams

This isn't the first time this has happened. In the past, scammers have even mailed out fake hardware devices that were tampered with to steal keys.

To stay safe, remember these three things:

  • Companies will NEVER ask for your recovery phrase. Not in an email, not on a website, and certainly not in a letter.
  • Never scan a QR code from a letter. If you think there is a real update, go directly to the official website by typing the address into your browser yourself.
  • Paper is for shredding. If you get a letter about your crypto wallet, it’s almost certainly a scam. Treat it like junk mail.
