Scammers are using old data leaks from years ago to find out where crypto users live. They are sending professional-looking letters that claim you need to perform a "mandatory security check" or an "authentication update."
These letters often look very official, complete with company logos and even fake holograms. One recent letter was "signed" by the CEO of Trezor, but it mistakenly called him the CEO of Ledger. These small mistakes are often the only clue that the letter is a total fake.
Scanning a Malicious QR Code for "Mandatory" Checks
The hook of this scam is a QR code that directs users to an advanced clone of the official Ledger or Trezor setup pages. These sites prompt the user to enter their 12 or 24-word recovery phrase under the guise of a security update or compliance check.
The moment a user types these words, they are sent directly to the attacker. Because the recovery phrase is the master key to the blockchain, the scammer can instantly recreate the wallet on their own device and drain every cent. Your recovery phrase should never be entered into any website, app, or digital form.
Not the First Time Letters Have Been Sent
This is a persistent ghost of past security failures. Ledger's massive 2020 data breach and Trezor's 2024 contact info leak (affecting 66,000 customers) provided a roadmap for these criminals. In 2021, some victims even received counterfeit hardware wallets in the mail designed to look like brand-new replacements.
How to Protect Yourself
- Never enter your seed phrase on any website — not even official-looking ones.
- Ledger and Trezor will never ask for your seed phrase via mail or online.
- If you receive such a letter, shred it immediately and report it.
- Check for small errors — wrong names, mismatched logos — as clues of a fake.
If you have already fallen victim to this scam, contact our team immediately for a recovery assessment.
Have You Been Scammed?
Open a case today and let our experts begin the recovery process. A case-opening fee applies; full refund if unsuccessful.