Ledger and Trezor Scam Alert: Fake Letters Target Wallet Users

In 2026, crypto scams are no longer limited to emails, fake airdrops, or malicious apps. Scammers have taken things a step further by sending physical letters to the homes of hardware wallet users, asking them to scan QR codes and “secure” their wallets by entering recovery seed phrases. This is exactly what is now happening to users of Ledger and Trezor, and the letters look shockingly real.

Scammers Target Ledger and Trezor Users With Fake Physical Letters

In the past few days, many crypto users reported receiving physical letters that appear to be official notices from Ledger and Trezor support teams. 

The letters warn users to complete a “mandatory authentication check” or “transaction verification” before a strict deadline, including February 15, 2026, in some cases.

The documents look so professional and convincing. Some include holograms, fake signatures, and branding elements to appear legitimate.

In one case, a letter was falsely signed using the name of Trezor’s CEO, adding more confusion for recipients.

How the Ledger and Trezor Scam Works

The scam follows a simple method. 

Inside the letter, users are asked to scan a QR code to secure their wallet. Once scanned, the code redirects to a fake website that closely resembles the official platform.

Next, the website asks users to enter their 12, 20, or 24-word recovery seed phrase. The moment when the user enters the recovery seed phrase, attackers gain full control of the wallet. Later, they immediately transfer out all crypto assets.

Both Ledger & Trezor have confirmed that they never ask for recovery phrases and never contact users asking for sensitive details. Recovery words should only be entered directly on the hardware device itself.

How Scamers Got User’s Data

Shedding more light on the details behind this scam. The security experts believe, and companies believe, that the scam is linked to past data breaches. Ledger suffered a major customer data leak in 2020, and more exposure reportedly occurred in early 2026 through a third-party payment processor. 

Trezor also confirmed a breach in January 2024 that exposed the contact information of nearly 66,000 users.

$69 Million Goan In Just 2 Months 

According to blockchain security firm SlowMist, since the beginning of this year, the crypto and blockchain ecosystem has already recorded losses of nearly $69 million. 

Meanwhile, these losses have come from smart contract vulnerabilities, hacked accounts, supply chain attacks, flash loan exploits, and sandwich attacks, showing that security threats in crypto continue to grow in many different forms.

Users are advised to destroy any suspicious mail immediately and verify updates only through official company websites.