Scammers Mail Trezor and Ledger-Branded Letters with QR Codes to Phish Hardware Wallet Seeds
A coordinated phishing campaign is using professionally produced physical mail to impersonate hardware wallet vendors Trezor and Ledger and trick users into surrendering recovery seeds. The mailers include official-looking letterheads, holograms, forged signatures and QR codes that lead to cloned "authentication" or verification websites. The letters claim mandatory security updates or time-limited "Authentication/Transaction Checks," creating urgency to push recipients to scan the QR codes and enter their 12/18/24-word recovery seeds, data that wallet providers never request.
Researchers have posted examples on social platforms. Attackers likely exploited past data breaches (Ledger's 2020 incidents and partner leaks, and Trezor's MailChimp/support-portal exposures) that exposed emails, postal addresses, phone numbers and proof of device ownership. This marks an escalation from email-only phishing to high-conviction, multi-channel social engineering (postal mail, SMS, spoofed apps) that bypasses email filters and uses QR codes to obscure malicious URLs.
Recommended defences for traders and hardware-wallet holders: never enter your seed phrase into websites or apps; verify any notification via official vendor sites; avoid scanning unsolicited QR codes; enable and use optional passphrases; and follow vendor advisories.
Market relevance: the threat is primarily at the user level (wallet drains), not a protocol vulnerability. However, sustained successful social-engineering thefts could erode retail confidence, increase selling pressure from liquidations of stolen assets, and raise short-term volatility for affected tokens.
Bearish
The news concerns targeted social-engineering attacks that drain individual wallets by stealing recovery seeds, not a protocol or network vulnerability. Direct price impact on specific cryptocurrencies is limited and indirect: the most immediate outcome is user-level asset losses. However, if the campaign is broad and sustained, it can reduce retail confidence in self-custody, prompting victims to liquidate stolen or distressed holdings and increasing selling pressure. That can raise short-term volatility in affected tokens and potentially depress prices until confidence is restored. For traders: expect elevated retail-driven volatility and occasional sell-offs tied to reported wallet-drain incidents. Longer-term market fundamentals for major tokens remain unchanged, but sentiment-sensitive small-cap tokens could suffer larger, more persistent declines.