Crypto Wallet Scammers Target Trezor and Ledger Users via Snail Mail
Cybercriminals Target Cryptocurrency Hardware Wallet Users with Fake Letters
Cybercriminals are using a new tactic to target users of cryptocurrency hardware wallets, sending fake letters that appear to be from well-known manufacturers Trezor and Ledger. These letters are part of a phishing campaign designed to trick victims into divulging their wallet recovery phrases, allowing the attackers to gain control of the wallets and steal funds.
The Phishing Campaign
The letters, which are printed on letterhead that mimics the branding of Trezor and Ledger, claim that the recipient must complete a mandatory “Authentication Check” or “Transaction Check” to maintain access to their wallet. The letters create a sense of urgency, warning that failure to complete the process by a specified deadline will result in lost functionality or disruptions to the wallet.
The Malicious Website
The letters include a QR code that, when scanned, directs the user to a malicious website that impersonates the official setup pages of Trezor and Ledger. These phishing sites, which have been identified as https://trezor.authentication-check[.]io/ and https://ledger.setuptransactioncheck[.]com/, prompt the user to enter their wallet recovery phrase to “verify device ownership” and enable the authentication feature.
If the user proceeds, the recovery phrase is transmitted to the attacker through a backend API endpoint, allowing them to import the victim’s wallet onto their own device and steal funds.
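Both reported URLs place the brand name in a subdomain of an unrelated, attacker-registered domain. As an added example (not part of the original article, and not code from Trezor or Ledger), the following check classifies a URL decoded from a QR code by comparing its host against the vendors' official domains. The `OFFICIAL_DOMAINS` values and all function names are assumptions introduced here.

```python
from urllib.parse import urlsplit

# Assumption: the vendors' official registrable domains (not listed in the article).
OFFICIAL_DOMAINS = {"trezor": "trezor.io", "ledger": "ledger.com"}


def refang(indicator: str) -> str:
    """Undo common defanging (hxxp, [.]) so the URL can be parsed."""
    text = indicator.strip().replace("[.]", ".").replace("(.)", ".")
    if text.lower().startswith("hxxp"):
        text = "http" + text[4:]
    return text


def classify_url(url: str) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for a URL from a QR code."""
    host = (urlsplit(refang(url)).hostname or "").rstrip(".").lower()
    if not host:
        return "unrelated"
    # Official only if the host IS the domain or a true subdomain of it.
    # A plain endswith(domain) would wrongly accept "faketrezor.io".
    for domain in OFFICIAL_DOMAINS.values():
        if host == domain or host.endswith("." + domain):
            return "official"
    # Brand name appears in a host that is not under the official domain,
    # e.g. as the leftmost label of a domain registered by someone else.
    if any(brand in host for brand in OFFICIAL_DOMAINS):
        return "lookalike"
    return "unrelated"


# The two URLs reported in the article (kept defanged), plus constructed samples.
SAMPLES = [
    "https://trezor.authentication-check[.]io/",
    "https://ledger.setuptransactioncheck[.]com/",
    "https://trezor.io/start",    # constructed
    "https://shop.ledger.com/",   # constructed
    "https://faketrezor.io/",     # constructed
    "https://example.org/",       # constructed
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify_url(sample):10} {sample}")
```

A host-based check like this only flags where a link leads; a recovery phrase should not be typed into any website, whatever the check returns.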
Consequences and Prevention
This type of attack is particularly concerning, as hardware wallet recovery phrases are the key to controlling access to the wallet and its funds. Manufacturers such as Trezor and Ledger will never ask users to share their recovery phrases, and users should never enter this information on a computer, mobile device, or website.
Because these letters arrive by physical mail, some users find them more convincing and may be less cautious than they would be with phishing emails. The consequences of falling victim to this type of attack can be severe, resulting in the loss of cryptocurrency funds.
Protect Yourself
Users of Trezor and Ledger hardware wallets should be aware of this phishing campaign and take steps to protect themselves. This includes being cautious of any letters or emails that ask for recovery phrases or other sensitive information, and never entering this information on a website or computer.
