Hardware Wallet Users Targeted by Phishing Scam

- The physical letters often include seemingly legitimate details like official-looking letterheads and even holograms to increase their authenticity. Some of the fraudulent letters targeting Trezor users were erroneously signed with the name of Ledger's CEO, and vice-versa, indicating a lack of attention to detail by the scammers. - This phishing campaign is likely leveraging data from past security breaches. Ledger experienced a significant data leak in 2020 that exposed the physical addresses of over 270,000 customers, while Trezor had a breach in January 2024 that compromised the contact information of nearly 66,000 users. - The letters create a false sense of urgency by imposing deadlines, such as February 15, 2026, for a mandatory "Authentication Check" to avoid service disruption. - The QR codes in the letters direct users to malicious websites that mimic the official domains of Trezor and Ledger, designed to capture the user's secret recovery phrase. - This is not the first instance of physical attacks on hardware wallet users. In 2021, there were reports of modified Ledger devices being mailed to users that were designed to steal recovery phrases during setup. - While specific figures for this campaign are not yet available, losses from cryptocurrency phishing and scams have been substantial. In 2023, over $5.6 billion was lost to crypto-related fraud, a 45% increase from the previous year. - Both Trezor and Ledger have issued statements reminding users that they will never ask for a recovery phrase through any form of communication. Recovery phrases should only ever be entered directly on the hardware wallet device itself.