Analysts reported campaigns that combine postal letters with QR codes that direct hardware-wallet users to phishing pages that capture 24-word seed phrases. Researchers warn these low-cost, offline-to-online funnels have become effective vectors for large crypto thefts, with some assets recovered but many losses remaining significant.

Security researchers documented an emerging, high-return tactic that starts with realistic-looking physical letters instructing recipients to scan QR codes for purported “auth checks” or vendor notices; the QR codes lead to phishing sites engineered to capture 24-word hardware-wallet seed phrases and other sensitive data. Analysts described the physical-mail → QR → seed-phrase funnel as particularly dangerous because postal delivery lends credibility and the QR workflow overcomes browser-based suspicion; victims who scan proceed to convincing pages that prompt hardware-wallet users to reveal recovery phrases under the guise of security or verification. Law-enforcement tracing and forensic recovery have reclaimed some assets, but investigators caution the schemes are inexpensive to run and highly profitable for organized fraud networks that reuse scripts, cloned vendor pages and social-engineering templates. The reporting highlighted the need for vendor education, verified out-of-band communications, and consumer guidance to never enter seed phrases into websites or follow unsolicited QR prompts—advice that researchers say must be amplified to stem rising losses.