Recent reports indicate that users of crypto hardware wallets, specifically Ledger and Trezor, are receiving fraudulent letters that seek to steal their seed recovery phrases. A letter received by cybersecurity expert Dmitry Smilyanets on February 13 demands an "Authentication Check" by February 15, threatening users with device restrictions if they fail to comply. The letter falsely claims to be signed by Matěj Žák, whom it identifies as the CEO of Ledger; he is actually the CEO of Trezor.
The deceptive correspondence includes a hologram and a QR code; the QR code directs users to a malicious website designed to resemble official setup pages. If victims enter their recovery phrases, the information is sent to the attackers, allowing them to access the victims' wallets and potentially steal their funds. Such scams are not new; a Ledger user reported a similar letter in October of the previous year, and that letter required a "Transaction Check."
Legitimate hardware wallet companies do not request recovery phrases through any communication channel. Previous breaches have exposed customer data, including physical addresses, heightening security concerns for users. In January 2024, Trezor revealed a security incident affecting nearly 66,000 customers, further illustrating the ongoing risks in the cryptocurrency space.