TLDR
- Crypto hardware wallet users are receiving physical letters claiming to be from Trezor and Ledger demanding authentication checks by specific deadlines
- The fake letters include holograms and QR codes that lead to phishing websites designed to steal wallet recovery phrases
- One letter incorrectly identifies Trezor CEO Matěj Žák as “Ledger CEO” and threatens device restrictions if users don’t comply
- Once victims enter their recovery phrases on fake websites, scammers can access their wallets and steal all funds
- These physical mail scams follow multiple data breaches at Ledger and Trezor dating back to 2020 that exposed customer mailing addresses
Cryptocurrency hardware wallet users are receiving fraudulent physical letters claiming to be from Ledger and Trezor. The letters demand users complete authentication checks or face device restrictions.
A new scam affecting @Trezor customers:
– a physical mail ✅
– a hologram ✅
– a QR code leading to the scam website ✅
– a signature of @Ledger CEO 😂😂😂
– mailed from 🇺🇸 PA pic.twitter.com/ou60qtsVmK— 𝕯𝖒𝖎𝖙𝖗𝖞 𝕾𝖒𝖎𝖑𝖞𝖆𝖓𝖊𝖙𝖘 (@ddd1ms) February 12, 2026
Cybersecurity expert Dmitry Smilyanets reported receiving a fake Trezor letter on February 13. The letter threatens to restrict devices if users don’t perform an “Authentication Check” by February 15.
The scam letter includes a hologram and QR code designed to appear legitimate. The letter claims to be signed by Matěj Žák, incorrectly identified as “Ledger CEO” when he actually leads Trezor.
A similar letter was sent to Ledger users in October. That version demanded recipients complete “Transaction Check” procedures.
How the Scam Works
The QR codes in these letters direct users to fake websites. These sites are designed to mimic legitimate Ledger and Trezor setup pages.
The fraudulent websites prompt users to enter their wallet recovery phrases. These phrases are the master keys to cryptocurrency wallets.
Once users enter their recovery phrases, the information is sent to scammers through a backend API. The criminals can then import the victim’s wallet and steal all funds.
Legitimate hardware wallet companies never ask users to share recovery phrases. This applies to all communication methods including websites, emails, and physical mail.
Data Breaches Made Physical Attacks Possible
Ledger has experienced multiple data breaches through third-party partners over recent years. These breaches exposed customer data including physical mailing addresses.
Trezor reported a security breach in January 2024. The incident exposed contact information for nearly 66,000 customers.
In 2021, scammers mailed fake Ledger Nano hardware wallets to victims of a 2020 data breach. Physical letters with QR codes appeared again in April 2025.
Hackers also deployed fake Ledger Live apps in May to steal seed phrases. Ledger posted warnings about the physical mail scam on its website in October.
Crypto Scams Continue Despite Market Conditions
Deddy Lavid, CEO of cybersecurity firm Cyvers, told Cointelegraph that crypto scams don’t decline during bear markets. Instead, they evolve and adapt to market conditions.
Social engineering and impersonation scams often increase during downturns. Users become more anxious and reactive during market slumps.
Fear-based tactics like fake compliance letters exploit this anxiety. Wallet alerts and urgent deadlines pressure users into making quick decisions.
The current wave of physical letters represents the latest evolution in ongoing attacks. These attacks have targeted hardware wallet users since the first major data breaches in 2020.
