Overview
- Security researcher Dmitry Smilyanets reported receiving a Trezor‑branded letter on February 13 featuring a hologram, a QR code, and an urgent deadline for an “Authentication Check.”
- Scanning the QR code routes victims to convincing look‑alike sites that ask for wallet recovery phrases, which let attackers import accounts and steal funds.
- One letter falsely labeled Trezor CEO Matěj Žák as “Ledger CEO,” and a mailing was reported as postmarked from Pennsylvania.
- Ledger and Trezor stress that legitimate providers never request seed phrases through email, websites, phone calls, or physical mail.
- The campaign leverages earlier data leaks, including Trezor’s January 2024 incident exposing nearly 66,000 contacts, and follows prior mail and app‑based scams dating back to 2021.