Cryptocurrency hardware wallet users are facing an alarming new threat as scammers have begun sending fraudulent physical letters that masquerade as communications from Ledger and Trezor. These letters demand that users complete authentication checks by specific deadlines, claiming that failure to comply could result in restrictions on their devices.
Receiving these deceptive letters, customers find themselves confronted with urgent demands and intimidating threats. Among the most noteworthy instances reported is the case shared by cybersecurity expert Dmitry Smilyanets, who discovered a fake Trezor letter on February 13, 2026. This particular letter warned recipients that their devices would be restricted if they did not complete an “Authentication Check” by February 15.
Designed to appear legitimate, these fraudulent letters include deceptive features like holograms and QR codes that lead to phishing websites intended to steal users’ sensitive wallet recovery phrases. Some of these letters even incorrectly credit Trezor’s CEO Matěj Žák as the “Ledger CEO,” adding a layer of confusion to the scam.
Decoding the Scam Mechanism
In this methodical scam, the QR codes embedded in these letters direct users to counterfeit websites that mimic official Ledger and Trezor setup pages. Users are prompted to enter their wallet recovery phrases, which are the keys to their cryptocurrency assets.
Once users unwittingly submit their recovery phrases, this critical information is transmitted to the scammers, allowing them to access and drain the victims’ wallets completely. It is essential to highlight that legitimate hardware wallet companies never request users to share their recovery phrases through any communication form, including emails, websites, and especially physical mail.
The Role of Data Breaches
This alarming resurgence of physical letter scams follows a series of data breaches that have plagued Ledger and Trezor since 2020, which exposed customer mailing addresses and other personal information. In January 2024, Trezor reported a notable security breach that affected contact information for nearly 66,000 customers.
Previous incidents have shown that chosen victims could even receive fake Ledger Nano hardware wallets through the mail as a result of these breaches, illustrating the extensive reach of scammers who capitalize on exposed data.
Scams Persist Despite Crypto Market Fluctuations
Experts have remarked on the persistent nature of crypto scams, highlighting that they do not diminish during market downturns. As observed by Deddy Lavid, CEO of cybersecurity firm Cyvers, these scams often adapt to changing market conditions, with an uptick in social engineering and impersonation tactics amid bearish trends.
When markets are volatile, fear-based tactics become increasingly effective, with scammers exploiting users’ anxieties and pushing them towards making rash decisions. The current wave of physical scam letters represents yet another evolution in these ongoing phishing attacks, targeting hardware wallet users who have endured threats since the initial significant data breaches of 2020.
In conclusion, as the crypto landscape continues to evolve, users must remain vigilant against these sophisticated scams disguised as urgent communications from trusted brands like Ledger and Trezor. Education about legitimate security practices is more crucial than ever to safeguard personal assets against evolving cyber threats.
