
Just a sample of the Echomail archive

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

   CONSPRCY      How big is your tinfoil hat?      2,445 messages   


   Message 2,438 of 2,445   
   Mike Powell to All   
   Hackers go VERY old school   
   18 Feb 26 09:51:01   
   
   TZUTC: -0500   
   MSGID: 2196.consprcy@1:2320/105 2dfb1069   
   PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   FORMAT: flowed   
   Now that's old school - hackers are turning to snail mail to carry out crypto   
   thefts   
      
   By Efosa Udinmwen published 18 hours ago   
      
   Old-school paper and envelopes become a new danger for crypto users   
      
       Physical letters are replacing emails to deliver hardware wallet phishing campaigns   
       QR codes in envelopes direct victims to fake credential harvesting websites   
       Trezor and Ledger owners receive urgent notices demanding authentication checks   
      
   Experts have warned physical letters are being used in cryptocurrency theft   
   campaigns which rely on QR codes and urgent warnings to trick hardware wallet   
   owners.   
      
   The approach replaces email with printed mail, yet the underlying technique   
   remains traditional phishing, according to cybersecurity expert Dmitry   
   Smilyanets, who detailed receiving one such letter.   
      
   Instead of malicious attachments, victims receive envelopes that appear to come   
   from security teams linked to hardware wallet brands.   
      
   QR codes lead to credential harvesting sites   
      
   The letters claim an Authentication Check or Transaction Check will soon   
   become mandatory for continued wallet access, and instruct users to scan a QR   
   code to avoid disruption, with deadlines stretching into early 2026.  Once   
   scanned, the codes direct users to malicious websites that imitate official   
   setup pages associated with Trezor and Ledger devices.   
      
   One domain tied to the Ledger theme has already gone offline, while a   
   Trezor-themed domain remains accessible but flagged by Cloudflare as phishing   
   infrastructure.   
      
   The fraudulent site instructs visitors to complete an authentication process   
   before a stated deadline, warning that failure could restrict wallet access or   
   interfere with transaction signing.     
      
   The page accepts 12, 20, or 24-word phrases and forwards that information   
   through a backend API endpoint controlled by the attackers.  With that data,   
   threat actors can import the wallet and transfer funds without further   
   interaction.   
      
   It remains unclear how recipients were selected, though previous data breaches   
   involving hardware wallet vendors exposed customer contact details, raising   
   questions about whether leaked mailing addresses are being reused for physical   
   phishing campaigns.   
      
   Hardware wallet recovery phrases function as the textual form of private keys   
   controlling access to cryptocurrency funds.  Anyone who obtains that phrase   
   gains complete control over the associated wallet.  Manufacturers state that   
   recovery phrases should only be entered directly on the hardware device during   
   restoration and never on a website or mobile browser.   
      
   Security vendors note that technical safeguards such as firewall software can   
   prevent many unauthorized network connections.   
      
   Strong endpoint protection remains crucial for detecting and blocking   
   suspicious activity on individual devices.  Users should also maintain updated   
   malware removal tools to ensure that malicious software does not compromise   
   wallets when interacting with any links or downloads.   
      
   The shift to snail mail does not introduce new technical methods, but it shows   
   that attackers continue adapting delivery mechanisms when digital channels   
   become saturated.   
      
   The novelty lies in the envelope, not the exploitation technique - and that   
   distinction may be enough to lower skepticism among recipients.   
      
   Via BleepingComputer   
      
      
   https://www.techradar.com/pro/now-thats-old-school-hackers-are-turning-to-snail-mail-to-carry-out-crypto-thefts   
      
   $$   
   --- SBBSecho 3.28-Linux   
    * Origin: Capitol City Online (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 134 206 300 307 317 400 426 428 470   
   SEEN-BY: 229/664 700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 633/280 712/848 902/26 2320/0 105 304 3634/12 5075/35   
   PATH: 2320/105 229/426   
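
The article says the QR codes lead to sites that imitate official Trezor and Ledger setup pages. As an added example (not part of the original message or article), this check vets a URL decoded from a QR code before anyone opens it. The allowlist `OFFICIAL_DOMAINS`, the function name and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: vendor domains to trust; confirm against the vendor's own documentation.
OFFICIAL_DOMAINS = ("trezor.io", "ledger.com")

def check_qr_url(url):
    """Return (ok, reason) for a URL decoded from a QR code."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname          # lowercased, without userinfo or port
        _ = parts.port                 # raises ValueError on a malformed port
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not https"
    if not host:
        return False, "no host"
    # "https://trezor.io@other.example/" puts the brand name in the userinfo part.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo present"
    host = host.rstrip(".")
    # Non-ASCII or punycode labels can render as look-alikes of a vendor name.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "internationalised host"
    # Match on a label boundary so "trezor.io.other.example" does not pass.
    for domain in OFFICIAL_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return True, "official domain"
    return False, "unofficial domain"

# Constructed sample inputs (reserved .example names, not real campaign URLs).
SAMPLES = [
    "https://trezor.io/start",
    "https://shop.ledger.com/",
    "http://trezor.io/start",
    "https://trezor.io@auth-check.example/start",
    "https://trezor.io.auth-check.example/start",
    "https://ledger-com.example/verify",
    "https://xn--ledgr-9ra.com/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_qr_url(sample))
```

A URL that passes is only confirmed to sit on a vendor domain; as the article states, recovery phrases are entered on the hardware device itself and never on a website.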
      



(c) 1994,  bbs@darkrealms.ca