Ledger and Trezor owners are once again receiving scam letters
Scammers are sending physical letters urging users to “verify their devices” through fake QR codes designed to steal seed phrases
17.02.2026 - 08:30
294
2 min
0
Key Points:
- Hardware wallet users are receiving fraudulent notices via regular mail..
- The QR codes in these letters lead to spoofed websites mimicking official brands.
- Entering a seed phrase on these pages gives attackers full control of the wallet.
Users of Ledger and Trezor hardware wallets are once again being targeted by scammers through physical mail. The letters claim recipients must urgently complete a “device verification” or “transaction confirmation” to avoid restricted access to their wallets.
One such case was reported on February 13 by cybersecurity expert Dmitry Smilyanets. The letter included trust-building visual elements such as a hologram and a QR code. Scanning the code redirected users to a fraudulent website. The document appeared to be signed by a company executive, although it contained an error in the stated title.
How the Scam Works
After scanning the QR code, users are taken to a website that closely imitates the official wallet setup interface. The page instructs them to enter their seed phrase under the guise of confirming device security.
Once entered, the seed phrase is transmitted directly to the attackers. With access to the recovery phrase, scammers can import the wallet and drain its funds. Hardware wallet manufacturers never request seed phrases through online forms, email, or physical mail.
These mass mail campaigns are possible due to past data breaches involving customer information, including mailing addresses. In previous years, scammers have sent counterfeit devices, fake QR code notices, and cloned versions of official applications to steal crypto assets.
Useful material?
Telegram 
Twitter Incidents
Developers warned of potential risks to bridges across the ecosystem and asked exchanges for assistance.
Jun 22, 2026
Incidents
The defendant helped move funds stolen through investment scams and earned at least $4 million for his role in the operation.
Jun 10, 2026
Incidents
The company is linking the incident to a compromised private key on a service wallet, rather than a smart contract exploit
May 22, 2026
Incidents
Following the incident, the project temporarily halted trading operations and node activity.
May 15, 2026
Incidents
The user spent weeks unsuccessfully trying to guess the password until Claude helped find an old wallet backup file
May 14, 2026
Crypto regulations
Authorities are introducing mandatory registration for companies handling cross-border crypto transactions
May 8, 2026
Cryptocurrency rates
-
Bitcoin
$62 509
BTC
-3.12%
-
Ethereum
$2 551.16
ETH
+3.56%
-
BNB Smart Chain
$579.4
BSC
+1.23%
-
Ripple
$1.11
XRP
-3.32%
-
TRON
$0.160134
TRX
-1.59%
-
Dogecoin
$0.079409
DOGE
-5.64%
-
Zcash
$424.63
ZEC
-7.04%
-
Stellar XLM
$0.193241
XLM
-9.16%
-
Cardano
$0.153743
ADA
-5.05%
-
Polkadot
$3.32
DOT
+5.27%