Key Highlights
Scammers are sending fake Trezor and Ledger letters, tricking users into giving up recovery phrases and risking their crypto funds.
Mac users face phishing attacks with malware hidden in Word and PDF files, putting system credentials at risk.
Crypto Ponzi scams persist: PGI CEO stole $201M, showing the need for caution with promises of guaranteed returns.
Crypto wallet users are facing a new kind of scam that feels more personal and more dangerous than typical phishing attacks. Scammers are sending real-looking letters pretending to be from Trezor and Ledger. The letters tell people to do an “Authentication” or “Transaction Check” to keep their wallets working.
The letters are designed to make people panic and act quickly, often asking them to scan QR codes that take them to fake websites. Experts say it’s a trick to steal wallet recovery phrases, giving scammers full access to your crypto.
People who received the letters say they look very official, with Trezor and Ledger letterheads. Some even include deadlines, like February 15, 2026, for Trezor users or October 15, 2025, for Ledger users. Scammers are using old data breaches to make sure the letters get to real customers.
For instance, cybersecurity expert Dmitry Smilyanets received a letter stating, “To avoid any disruption to your Trezor Suite access, please scan the QR code with your mobile device and follow the instructions on our website to enable Authentication Check by February 15th, 2026.”
How the scam works
When users scan the QR codes, they’re taken to fake websites that look just like Trezor or Ledger’s official setup pages. The fake Trezor site tells users to complete an authentication check unless they bought their device after November 30, 2025.
It then shows scary warnings about wallet errors or limited access. Finally, it asks users to enter their 12-, 20-, or 24-word recovery phrase. Once entered, scammers can take control of the wallet and steal all the funds.
Phishing emails like this happen a lot, but receiving fake letters in the mail is still rare. In the past, scammers even sent modified Ledger devices through the mail to steal recovery phrases during setup. That’s why hardware wallet users must stay alert. Never type your recovery phrase on a website, phone, or computer. Trezor and Ledger both warn that recovery phrases should only ever be used directly on the hardware wallet.
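As an added illustration (not code from Trezor, Ledger or the original article), the sketch below checks a URL decoded from a QR code before anyone opens it. The vendor domains trezor.io and ledger.com are assumptions to confirm against each vendor's own documentation, and every sample URL is constructed.

```python
from urllib.parse import urlsplit

# Assumption: the vendors' registered domains; confirm before relying on this list.
OFFICIAL_DOMAINS = ("trezor.io", "ledger.com")
BRANDS = ("trezor", "ledger")

def check_qr_url(url):
    """Return (verdict, reasons) for a URL decoded from a QR code."""
    parts = urlsplit(url.strip())
    reasons = []
    try:
        # Normalise to the ASCII (punycode) form so homoglyph hosts become visible.
        host = (parts.hostname or "").rstrip(".").encode("idna").decode("ascii")
    except UnicodeError:
        host = ""
        reasons.append("hostname is not valid IDNA")
    if parts.scheme != "https":
        reasons.append("not https")
    if parts.username is not None:
        reasons.append("text before '@' hides the real host")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label, possible look-alike characters")
    # Exact match or a true subdomain only; 'trezor.io.evil.example' must not pass.
    official = any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)
    if not official:
        if any(b in url.lower() for b in BRANDS):
            reasons.append("vendor name used on a non-vendor host")
        else:
            reasons.append("host is not a vendor domain")
    return ("official" if not reasons else "suspicious"), reasons

# Constructed sample URLs; the .example hosts are placeholders, not real indicators.
SAMPLES = [
    "https://trezor.io/start",
    "https://www.ledger.com/",
    "https://trezor.io@auth-check.example/",
    "https://trezor.io.auth-check.example/start",
    "http://ledger.com/transaction-check",
    "https://tr\u0435zor.io/start",  # Cyrillic 'e' in place of Latin 'e'
]

if __name__ == "__main__":
    for sample in SAMPLES:
        verdict, why = check_qr_url(sample)
        print(f"{verdict:10} {sample!r} {'; '.join(why)}")
```

An "official" verdict only means the host matches a vendor domain; the recovery phrase still belongs on the hardware wallet alone, never on any website.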
Mac users also at risk
Apart from the hardware wallet scams, macOS users are under threat from advanced phishing attacks that target system credentials. Blockchain security company SlowMist found that the attackers used emails that appeared to be compliance notifications or audit results.
The emails contained Word or PDF documents that carried AppleScript malware. When the documents were opened, the malware enabled the attackers to steal information from the memory of users’ machines.
Ponzi scams persist
Crypto investment scams also continue worldwide. Recently, Ramil Ventura Palafox, the CEO of Praetorian Group International (PGI), was given a 20-year prison sentence. He scammed more than 90,000 investors out of over $201 million, including $171 million in bitcoin. Palafox promised his investors a daily return of 0.5% to 3%, claiming that PGI traded bitcoin on a large scale.
However, his actual business was using payments from new investors to fund his purchases of luxury cars, houses, and designer items, with some victims losing more than $62 million.
These scams show just how careful crypto users need to be. Always double-check messages, don’t scan QR codes from strangers, and never share your wallet recovery phrase.
Disclaimer: The information researched and reported by The Crypto Times is for informational purposes only and is not a substitute for professional financial advice. Investing in crypto assets involves significant risk due to market volatility. Always Do Your Own Research (DYOR) and consult with a qualified Financial Advisor before making any investment decisions.








