TechFlow news: On February 17, according to Cointelegraph, users of cryptocurrency hardware wallets Ledger and Trezor have once again received targeted phishing emails attempting to steal their seed phrases. Cybersecurity expert Dmitry Smilyanets reported receiving a spoofed email impersonating Trezor on February 13, demanding users complete an “identity verification check” by February 15—or risk having their devices restricted.
These phishing emails contain holograms and QR codes; scanning them redirects users to malicious websites mimicking the official Ledger and Trezor setup pages, tricking users into entering their wallet seed phrases. The email forges the signature of Trezor CEO Matěj Žák but incorrectly identifies him as the “Ledger CEO.”
Notably, this is not the first such attack. Ledger and its third-party partners have suffered multiple large-scale data breaches in recent years, resulting in the exposure of customer physical addresses and other information. Trezor, too, reported a security vulnerability in January 2024 that exposed contact information of approximately 66,000 customers.
