Crypto: Crypto Phishers Are Sending Letters To Trezor, Ledger Users Again

It's not the first time scammers have used snail mail to target victims of hardware wallet company data breaches from years ago.

Users of crypto hardware wallets Ledger and Trezor are again reporting receiving physical letters aimed at stealing their seed recovery phrases — the latest attack on users that has been exposed in numerous data leaks over the past six years.

Cybersecurity expert Dmitry Smilyanets was one of the first to report receiving a spurious letter from Trezor on Feb. 13, which demands users perform an “Authentication Check” by Feb. 15 or risk having their device restricted.

Smilyanets said the scam uses a hologram and a QR code that leads users to a scam website. The letter is made to appear signed by Matěj Žák, who is described as the “Ledger CEO” (the real Matěj Žák is the CEO of Trezor).

A Ledger user reported receiving a similar letter last October, claiming that recipients must complete mandatory “Transaction Check” procedures.

The QR code reportedly leads users to a malicious website designed to look like Ledger and Trezor setup pages, tricking them into entering their wallet recovery phrases.

Once entered, the recovery phrase is transmitted to the threat actor via a backend API, allowing them to import the victim’s wallet to their device and steal funds from it.

Related: Phishing scammers spoof Ledger’s email to send bogus data breach notice

Legitimate hardware wallet companies never ask users to share their recovery phrases through any method, including website, email, or snail mail.

Asked whether crypto scams could see a decline with a crypto market slump, Deddy Lavid, CEO of cybersecurity firm Cyvers, told Cointelegraph that historically, crypto scams don’t decline in bear markets, “they just evolve/adapt.”

Source: CoinTelegraph