Fake Trezor, Ledger Letters Target Crypto Wallet Users

Users of crypto hardware wallets Ledger and Trezor are again receiving physical letters designed to steal seed recovery phrases. Cybersecurity expert Dmitry Smilyanets reported receiving a spurious Trezor letter on Feb. 13 that demanded an “Authentication Check” by Feb.

15 or warned of device restrictions. The mailpiece included a hologram and a QR code and was made to appear signed by Matěj Žák, identified in the letter as the “Ledger CEO” (the real Matěj Žák is the CEO of Trezor). The QR code leads to a malicious site mimicking Ledger and Trezor setup pages, where victims are prompted to enter their recovery phrases.

When entered, the phrases are transmitted via a backend API, allowing the attacker to import the wallet onto another device and drain funds. Legitimate hardware wallet companies never ask users to share recovery phrases by website, email, or mail.

trezor, ledger, hardware wallet, recovery phrase, seed phrase, phishing letters, qr code, malicious site, matěj žák, dmitry smilyanets