Cyber: Snail Mail Letters Target Trezor And Ledger Users In Crypto-theft...

Threat actors are sending physical letters pretending to be from Trezor and Ledger, makers of cryptocurrency hardware wallets, to trick users into submitting recovery phrases in crypto theft attacks.

These phishing letters claim recipients must complete a mandatory "Authentication Check" or "Transaction Check" to avoid losing access to wallet functionality, creating a sense of urgency to pressure victims into scanning QR codes that lead to malicious websites.

Hardware wallet users report receiving snail mail letters printed on letterhead that impersonate official communications from Trezor and Ledger security and compliance teams.

It is unclear what the targeting criteria are for these letters, but both Trezor and Ledger [2] have suffered data breaches in the past couple of years that have exposed customer contact information.

A letter impersonating Trezor received by cybersecurity expert Dmitry Smilyanets claims that an "Authentication Check will soon become a mandatory part of Trezor," warning users to complete the process by February 15, 2026, or risk losing functionality on their devices.

"To avoid any disruption to your Trezor Suite access, please scan the QR code with your mobile device and follow the instructions on our website to enable Authentication Check by February 15th, 2026," reads the fake Trezor letter.

"Note: While you may have already received the notification on your Trezor device and enabled Authentication Check, completing this process is still required to fully activate the feature and ensure your device is synchronized with the full functionality of Authentication Check."

A similar Ledger-themed letter was shared on X, claiming a "Transaction Check" would soon become mandatory and warning users to scan a QR code to enable the feature by October 15, 2025, to avoid disruptions.

Scanning the QR codes leads victims to phishing sites impersonating official Trezor and Ledger setup pages, including:

At the time of writing, the Ledger phishing domain is offline, while the Trezor phishing site remains live but is now flagged by Cloudflare as a phishing site.

Source: BleepingComputer