Key Takeaways
- Ledger and Trezor users are being targeted by physical mail scams aiming to steal seed recovery phrases and access crypto wallets.
- Scam letters often include QR codes, holograms, and fake signatures to make fraudulent requests appear legitimate and urgent.
- Trezor reminds users that they will never reach out first or ask for recovery phrases, and advises always checking information through official channels.
Owners of Ledger and Trezor hardware wallets, two of the most widely used devices for storing cryptocurrencies offline, are once again being targeted by physical mail scams. The letters are meant to trick users into revealing their seed recovery phrases and are part of an ongoing wave of attacks linked to multiple data leaks over the past six years.
Cybersecurity researcher Dmitry Smilyanets was among the first to raise concerns after receiving a fake letter claiming to be from Trezor. The notice warned that users must complete an urgent “Authentication Check” by a set deadline or risk having their wallet restricted.
Smilyanets said the letter looks convincing and includes a hologram and a QR code that leads to a fraudulent website. It is also falsely signed by Matěj Žák, who is incorrectly described as Ledger’s CEO, despite actually leading Trezor.
Similar tactics have appeared before. A Ledger user reported receiving a nearly identical letter last October that claimed recipients were required to complete a mandatory “Transaction Check,” using urgency and fear to push users into sharing sensitive wallet information.
How Fake QR Checks Lead to Full Wallet Compromise
The scam plays on trust and urgency. Users are encouraged to scan a QR code that claims to lead to an official security step for Ledger or Trezor. Instead, the code redirects them to a polished fake website that closely resembles legitimate setup or recovery pages.
Believing they are protecting their wallet, users are asked to enter their recovery phrase to complete the process. That information is then silently sent to the attacker, who can restore the wallet on another device. With full access granted, the funds can be moved out almost instantly, leaving victims with little chance of recovery.
Understanding Seed Recovery Phrases and Why They Matter
For many crypto users, the importance of a seed recovery phrase isn’t always clear. Think of it as the master key to your wallet. Anyone who has it can access all the assets inside. If this information falls into the wrong hands, even by accident, it can lead to instant and irreversible loss of funds. That’s why it’s essential never to share your seed phrase, no matter how official or convincing a request may seem. Protecting it is one of the simplest yet most critical steps in keeping your crypto secure.
Trezor’s Response and Guidance for Users
In light of the recent scam letters, Trezor has emphasized that they will never initiate contact with users asking for recovery phrases or other sensitive wallet information. Users are advised to never share their backup phrases and to rely solely on official communication channels, always taking the time to verify any requests before responding.
Trezor also clarified that they are not aware of any breaches exposing customers’ physical addresses and that they minimize the storage of personal data, keeping only what is legally or logistically necessary. Despite this, attackers are reportedly combining leaked information from various crypto databases to target not just Trezor users, but cryptocurrency holders more broadly. This underscores the importance of vigilance and double-checking any suspicious requests.
Previous Mail Scams Show Persistent Threats
This is not the first time attackers have exploited offline channels to target crypto users. Over the past few years, Ledger and its third-party partners have experienced several major data breaches, exposing customer information, including postal addresses, which in some cases led to real-world threats.
Keeping your wallet safe is essential, and users must remain vigilant against attempts to exploit leaked data. Trezor also reported a security incident in January 2024, when the contact details of nearly 66,000 users were compromised.
Scammers have previously leveraged such leaks to launch email-based attacks. In 2021, counterfeit Ledger Nano devices were sent to victims of the 2020 Ledger breach. Later, in April 2025, fraudulent letters instructed recipients to scan QR codes, and by May, attackers were distributing fake Ledger Live apps to steal seed phrases and drain funds from victims’ wallets.
Tips for Keeping Your Wallet Safe
The following practices help protect a wallet against these scams:
- Never share your recovery phrase with anyone.
- Verify any communication through official channels before acting.
- Be skeptical of urgent demands or unusual requests.
- Regularly review your wallet and device security settings.
- Stay informed about past breaches and emerging scams.
Following these steps helps protect your crypto and keep your wallet secure. Staying alert and cautious is the best way to avoid falling victim to scams.
Final Thoughts
The recent wave of physical mail scams targeting Ledger and Trezor users highlights how persistent and sophisticated attacks on crypto holders have become. With attackers exploiting both leaked data and psychological tactics, staying vigilant is more important than ever. Protecting your recovery phrase, verifying all communications through official channels, and maintaining good security habits are simple but powerful ways to safeguard your assets. In the fast-evolving world of cryptocurrency, caution and awareness remain the most effective defenses against fraud.
Frequently Asked Questions
What are the recent scams targeting Ledger and Trezor users?
Scammers are sending physical letters that urge users to reveal their seed recovery phrases, often using fake QR codes, holograms, and signatures.
How do these scam letters trick users?
They create urgency, claiming mandatory “Authentication” or “Transaction Checks,” and include polished QR codes that lead to fake websites mimicking official wallet pages.
What happens if a seed recovery phrase is shared?
Once entered on a fake site, the phrase is sent to attackers, who can import the wallet on another device and immediately steal all funds.
What is a seed recovery phrase, and why does it matter?
Think of it as the master key to your wallet. Anyone who has it can access all your crypto, so it should never be shared, even if the request looks official.
Have similar scams happened before?
Yes. Past attacks included counterfeit Ledger Nano devices, fraudulent letters, and fake Ledger Live apps that aimed to steal seed phrases and drain funds.
Why is vigilance important in cryptocurrency security?
Attackers exploit both leaked data and psychological tactics. Staying alert, cautious, and consistent with security habits is the best way to protect your assets.