Snail mail letters target Trezor and Ledger users in crypto-theft attacks

BleepingComputer
Actively Exploited

Overview

Attackers are targeting users of cryptocurrency hardware wallets Trezor and Ledger by sending fake physical letters that appear to be from these companies. These letters aim to deceive users into revealing their recovery phrases, which can be used to steal their cryptocurrencies. This tactic exploits the trust users have in these well-known wallet providers and could lead to significant financial losses for those who fall for the scam. It’s crucial for users to be cautious and verify any communications they receive, especially when it comes to sensitive information like recovery phrases. The rise of such scams underscores the need for increased awareness and education around cryptocurrency security.

Key Takeaways

  • Active Exploitation: This scam is actively being run against wallet users. Immediate action is recommended.
  • Affected Systems: Trezor hardware wallets, Ledger hardware wallets
  • Action Required: Users should verify any correspondence from Trezor or Ledger directly through official channels and never share their recovery phrases.
  • Timeline: Newly disclosed

Original Article Summary

Threat actors are sending physical letters pretending to be from Trezor and Ledger, makers of cryptocurrency hardware wallets, to trick users into submitting recovery phrases in crypto theft attacks. [...]

Impact

Users of Trezor hardware wallets and Ledger hardware wallets; a recovery phrase disclosed to the attackers lets them steal the wallet's cryptocurrency.

Exploitation Status

This scam is confirmed to be actively used against wallet users in real-world attacks. Users and organizations should apply the remediation guidance below immediately.

Timeline

Newly disclosed

Remediation

Users should verify any correspondence from Trezor or Ledger directly through official channels and never share their recovery phrases.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Coverage

European Commission breach exposed data of 30 EU entities, CERT-EU says

Security Affairs

A breach involving the European Commission's cloud infrastructure has resulted in the exposure of sensitive data from at least 30 EU entities. The incident was linked to the TeamPCP hacking group, which is known for targeting various organizations. CERT-EU, the Computer Emergency Response Team for the EU, confirmed this breach and made the information public on March 27. This incident raises significant concerns about the security of sensitive government data and the potential for further exploitation of the exposed information. Organizations within the EU must assess their security measures to prevent similar breaches in the future.

Apr 4, 2026

Inconsistent Privacy Labels Don't Tell Users What They Are Getting

darkreading

The article discusses the shortcomings of data privacy labels for mobile apps, emphasizing that while the concept is beneficial, the current implementations fail to provide clear and useful information to users. Researchers found that inconsistencies in how these labels are presented can lead to confusion about what data is collected and how it is used. This lack of clarity can affect user trust and decision-making regarding app downloads. The article calls for improvements in the labeling process to ensure users are better informed about their privacy. Ultimately, enhancing these labels is crucial for protecting user data and fostering a safer digital environment.

Apr 3, 2026

Stryker back online after cyberattack

SCM feed for Latest

Stryker, a prominent medical device manufacturer in the U.S., has announced that it has fully resumed operations after a cyberattack attributed to the Iran-linked hacktivist group Handala. The attack, which occurred three weeks ago, resulted in the wiping of several of Stryker's systems, disrupting its operations. This incident raises concerns about the security of critical healthcare infrastructure, as such attacks can impact patient care and safety. Stryker's swift recovery is a positive sign, but it highlights the ongoing risks that companies in the healthcare sector face from cyber threats. As the industry becomes more reliant on digital systems, securing these networks is increasingly crucial.

Apr 3, 2026

Accelerated Akira ransomware intrusions examined

SCM feed for Latest

Recent findings show that the Akira ransomware group has become more efficient in executing attacks, significantly shortening the time it takes to compromise systems. This development poses a serious risk to organizations, as attackers are now able to exploit vulnerabilities and deploy ransomware more quickly than before. The report from CyberScoop indicates that businesses need to be increasingly vigilant, as traditional defenses may no longer be sufficient against this evolving threat. Companies are urged to review their cybersecurity measures and ensure they are up to date with the latest defenses to mitigate potential attacks. The growing speed of these intrusions could lead to increased financial and operational damage for those caught off guard.

Apr 3, 2026

Threat actors impersonate CERT-UA, distribute AGEWHEEZE malware

SCM feed for Latest

A recent campaign has seen threat actors impersonating CERT-UA, the Ukrainian Computer Emergency Response Team, to distribute AGEWHEEZE malware. This operation has targeted around 1 million users across various sectors, including government, healthcare, education, and finance. By masquerading as a trusted entity, the attackers aim to deceive users into downloading the malicious software, which can lead to data theft and other security issues. The scale of the attack is concerning, as it affects critical sectors that handle sensitive information. Users in these fields should be particularly vigilant about the sources of software downloads and ensure they are only using verified channels.

Apr 3, 2026

Residential proxies undermine IP reputation systems, researchers warn

SCM feed for Latest

A recent study by GreyNoise has revealed that a significant portion of malicious online activity, about 39%, comes from home networks, likely linked to residential proxy services. These proxies allow users to mask their true IP addresses, making it harder for security systems to identify and block malicious traffic. This trend poses a challenge for companies trying to maintain accurate IP reputation systems, as the line between legitimate and malicious traffic blurs. As residential proxies become more common, organizations may find it increasingly difficult to protect themselves from various cyber threats. This situation raises concerns for businesses relying on IP reputation to manage online security.

Apr 3, 2026