 
 
Crypto hardware wallet users are being targeted in phishing scams that can spike year-on-year losses. Cybersecurity experts have flagged a campaign targeting Ledger and Trezor users, both digital asset hardware wallets that have previously been breached.
Bad Actors Dispatched Fake Letters Via Mail
Several crypto users received letters from scammers posing as official Trezor and Ledger sources. In a post shared on X, Dmitry Smilyanets shared a letter that included QR codes linking to scam sites and a forged signature from Ledger’s CEO.
These letters reached several users as bad actors sought to obtain recovery phrases and other information to move funds. Both letters, which allegedly came from security and compliance teams, create a false sense of urgency and require users to complete Authentication Checks for additional services.
According to Smilyanets, Trevor users were told they had to complete the mandatory Checks or risk losing the functionality of their hardware. The QR codes in both letters led to fake sites currently flagged by security firms.
“Note: While you may have already received the notification on your Trezor device and enabled Authentication Check, completing this process is still required to fully activate the feature and ensure your device is synchronized with the full functionality of Authentication Check,” the letter reads.
 
The sites contain more information and urge users to continue the authentication process. Finally, victims are directed to a page where they can enter their recovery phrases for verification. According to the expert report, the phrase is received via a backend API endpoint.
The warning on social media has prompted security firms to issue new safety guidelines amid rising phishing threats. While hardware wallets are generally considered safer, users are urged never to share their key phrases with anyone, including people posing as employees.
A recovery phrase gives access to all funds, often leading to a complete loss. This scenario poses a greater risk to Trezor and Ledger users because most funds are stored on those devices. Following centralized exchanges and online hacks, most institutions and whales have opted to store long-term assets in hardware wallets.
Last year, crypto scams and hacks rose to new levels after the infamous Bybit incident that funneled $1.4 billion in losses. Regulators in the United States and Europe have continued their investigations into crime networks, resulting in large-scale arrests and partial recovery of lost funds.
