Users of hardware wallets from Trezor and Ledger are receiving fraudulent postal letters requesting urgent account verification.

Modus operandi of the campaign

Scammers send printed notices that imitate official support correspondence and insist on an immediate verification to avoid alleged account suspension.

Recipients are instructed to scan a QR code and enter their wallet seed phrase on the linked page, which is a phishing site designed to capture credentials.

Consequences for victims

After the seed phrase is submitted, attackers obtain full control over the compromised wallet and can transfer funds without further interaction from the owner.

The scheme results in irreversible asset loss because control over private keys grants immediate withdrawal ability to the fraudsters.

Recommendations for users

• Ignore unsolicited postal letters that request seed phrases or private keys, and do not scan QR codes from unknown sources.
• Never disclose a seed phrase to any website, support channel, or person; legitimate providers will not request it.
• Verify official communications only via the wallet vendor’s documented channels, and confirm any suspicious messages directly on the vendor website.
• Warn friends and family who use hardware wallets about this campaign to reduce further victimization.

Closing note

Users who suspect compromise should move remaining assets to a secure wallet with new keys and consult the vendor’s official support resources for further guidance.