New Wave of Mail Phishing Attacks Hits Hardware Wallet Owners

Crypto phishing scams are evolving again — and this time attackers are going old school. A new wave of physical mail phishing attacks is targeting users of hardware wallet providers like Ledger and Trezor, attempting to trick recipients into revealing their seed recovery phrases through fake letters and malicious QR codes.

This latest campaign shows that even as digital defenses improve, scammers continue to adapt their tactics using previously leaked customer data and social engineering strategies. Hardware wallet users must now be alert not just to suspicious emails and websites, but also to fraudulent postal mail.


Physical Letters Used for Seed Phrase Theft

Several hardware wallet users have reported receiving fraudulent letters that appear to be official communications from wallet manufacturers. These letters claim that urgent action is required — such as completing an “authentication check” or “transaction verification” — or the device could be restricted or compromised.

Cybersecurity researcher Dmitry Smilyanets reported receiving one such letter that impersonated Trezor branding and formatting. The message instructed the recipient to scan a QR code and complete a security validation process before a tight deadline. The printed material looked convincing and even included a hologram to boost credibility.

However, the QR code redirected to a malicious phishing website designed to closely resemble an official wallet setup page. Victims who enter their recovery seed phrase on such sites effectively hand over full wallet control to attackers.

Importantly, scammers also made factual errors in their impersonation attempt — including incorrectly identifying company leadership — but many users may overlook these details under pressure.


How the QR Code Scam Works

The phishing letters typically push urgency and fear. They warn users that failure to act immediately could result in account restrictions or loss of access. The QR codes embedded in the letters lead to fake setup or verification portals.

Once a victim enters their seed recovery phrase:

  • The phrase is instantly captured
  • It is transmitted to attacker-controlled servers
  • Criminals import the wallet to their own device
  • Funds are quickly drained

This method is especially dangerous because seed phrases provide complete control over crypto assets. No password or two-factor authentication can reverse the damage once the phrase is exposed.

Hardware wallet providers never request recovery phrases through mail, email, phone, QR code, or website forms.


Data Breaches Still Fueling Attacks

These postal phishing attacks are largely possible due to historical customer data leaks. Over the past several years, multiple third-party and partner database breaches exposed user information — including names, phone numbers, and physical mailing addresses.

Those leaked records continue circulating among cybercriminal groups and are repeatedly reused in new scam campaigns.

In earlier incidents, scammers mailed fake hardware wallets to customers affected by prior breaches. More recently, fake desktop and mobile wallet applications have also been used to harvest recovery phrases.

The persistence of these attacks shows that data leaks can have long-term consequences far beyond the initial breach window.


Crypto Scams Continue in All Markets

According to cybersecurity firm Cyvers, crypto scams do not disappear during market downturns — they simply change form.

When speculative trading slows, attackers often shift toward impersonation and social engineering tactics. Fear-based messaging becomes more effective when users are already anxious about market conditions or account safety.

Fake compliance notices, urgent security alerts, and verification demands are commonly used psychological triggers. Physical letters add another layer of perceived legitimacy, making victims more likely to comply.


How Hardware Wallet Users Can Stay Safe

Crypto users should follow strict safety practices to avoid falling victim to these mail phishing schemes:

  • Never share your seed recovery phrase with anyone
  • Do not scan QR codes from unsolicited letters
  • Ignore urgent verification demands sent by post
  • Visit wallet provider sites only by typing the URL manually
  • Verify announcements through official company channels
  • Treat physical mail the same way you treat suspicious emails

If a letter claims to be from a wallet provider, assume it is fraudulent unless verified directly through official support pages.
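For a support or security team triaging a letter that a customer has reported, the decoded QR payload can be classified as text before anyone opens it. The sketch below is an added example, not code from the article or from any wallet vendor; the allowlist entries, the function names and the sample URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: registrable domains confirmed out of band with each vendor.
OFFICIAL = {"trezor.io", "ledger.com"}
BRANDS = {d.split(".")[0] for d in OFFICIAL}  # {"trezor", "ledger"}

# Constructed sample payloads (reserved .example names), not real indicators.
SAMPLES = [
    "https://trezor.io/start",
    "https://trezor.io.device-check.example/auth",
    "https://trezzor-verify.example/",
    "https://trezor.io@verify.example/",
    "https://weather.example/today",
]


def _distance(a: str, b: str) -> int:
    """Levenshtein edit distance, used to catch one-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[-1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(qr_payload: str) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for a decoded QR string."""
    try:
        parts = urlsplit(qr_payload.strip())
    except ValueError:
        return "unrelated"
    host = (parts.hostname or "").rstrip(".")
    # Official: no userinfo, and the host is the domain or a true subdomain.
    official = any(host == d or host.endswith("." + d) for d in OFFICIAL)
    if official and parts.username is None:
        return "official"
    # Anything else carrying the brand, a one-edit variant of it, or punycode.
    for label in re.split(r"[.@:]", parts.netloc.lower()):
        near = any(_distance(t, b) <= 1 for t in label.split("-") for b in BRANDS)
        if label.startswith("xn--") or any(b in label for b in BRANDS) or near:
            return "lookalike"
    return "unrelated"

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{classify(url):10} {url}")
```

An "official" result only says where the link points; the rule above that a recovery phrase is never entered on any website still holds.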
