Security researchers observed attackers mailing fraudulent letters to owners of Trezor and Ledger devices. The mailed letters appear to reference the recipient’s crypto wallet and urge action related to their seed phrase. Attackers designed the letters to look legitimate with custom details inside printed envelopes. Recipients often receive the mail after recent hardware purchases or online order tracking visibility.
The scam text instructs users to visit a malicious domain for “security updates” or hardware redemption offers. On the fraudulent site, visitors see prompts to enter their private seed words to “verify ownership” or “unlock assets.” Threat actors use the stolen seed phrases to transfer digital assets out of targeted wallets. Social engineering through physical mail increases victims’ trust in the scam’s authenticity.
Researchers highlighted that this tactic leverages data scraped from public records, retailer databases, or shipment notifications. Attackers can customize letters with names, partial wallet model details, and purported support contacts. This customization, therefore, makes physical mail scams more convincing than generic email or SMS phishing attempts. The mailed letters often warn of “urgent security notices” or “account closures” to pressure quick responses.
Security firms cautioned that hardware wallets protect only against remote hacks, not user-shared secrets. If users reveal their mnemonic seed phrases or private keys, attackers can bypass hardware protections entirely. Additionally, scammers may include QR codes that link directly to malicious seed collection forms. Users have reported receiving these letters weeks after their hardware wallet orders ship.
The refund or upgrade claims in the letters often entice users to take immediate action. Researchers said many victims misinterpret legitimate branding elements included in the scam envelopes. In some cases, attackers emulate official Ledger or Trezor support documentation. Physical mail allows scammers to bypass email spam filters and SMS fraud blocks.
How Users Can Protect Against Mail-Based Scams
Security experts urge hardware wallet users to treat unsolicited mail with suspicion. Users should verify any claim requiring seed phrase entry with official support channels. Legitimate wallet providers never ask for seed phrases, private keys, or recovery words for “verification.” If a mail notice appears urgent or threatening, recipients should cross-check order records and official support pages.
Users should also ensure that their shipment tracking notifications come from authorized retailer domains. Any third-party unsolicited offer relating to crypto assets should be avoided entirely. Criminal referrals increase for scam campaigns that combine personalized mail with fraudulent online forms. Reporting suspicious letters to law enforcement may help future investigations. Community forums also share examples of fraudulent mail to educate new hardware wallet buyers.
Highlighted Crypto News:
Upbit Lists Bittensor (TAO) with KRW, BTC, and USDT Trading Pairs
