Logo Daily Crypto Briefs
Open menu

Crypto Scams Hit $9.3 Billion as Fake Wallet Apps Target Ledger and Trezor Users

Kadim Lahcen Nadime Kadim Lahcen Nadime
5 min read
Breaking News
Ledger Trezor FBI IC3 hardware wallet phishing wallet security self-custody
Ledger and Trezor hardware wallets next to a hooded hacker figure, representing fake wallet apps, phishing, and digital asset custody risks.

TL;DR

  • The FBI's 2024 IC3 report logged 149,686 crypto-related complaints and more than $9.3 billion in losses, giving hardware-wallet scam coverage a much bigger context.
  • Ledger and Trezor both warn users that phishing, fake wallet software, and spoofed support remain active threats around self-custody.
  • The key lesson is still the same: users who do not understand how to manage recovery words and private keys are easier to scam, even when the hardware wallet itself is not broken.

March 25, 2026

Crypto-related fraud losses topped more than $9.3 billion across 149,686 complaints in 2024, according to the FBI’s IC3 report, and the latest warning about a Windows wallet sniffer aimed at Ledger and Trezor users fits a broader pattern in which fake wallet apps and weak key management remain a more immediate risk than a direct break of the hardware itself.

The threat lies in the long-running use of spoofed wallet software, fake support flows, and urgent backup-verification scams designed to capture the seed phrase or recovery words that actually control the funds.

That’s why key management is important. Users who understand the difference between a PIN, a password, a recovery phrase, and a passphrase are harder to manipulate because they know which secrets should never be typed into a chat window, an email form, or a surprise “update” screen.

Trezor says on its scams and phishing guide that “Phishing is the most common scam you will encounter in the cryptocurrency space.” Ledger’s own phishing-campaign tracker makes the same point by documenting repeated impersonation campaigns that exploit the software and support layer around self-custody.

That backdrop matters because recent hardware-wallet fear has already been shaped by our report on Joe Grand’s older Trezor case and by our Ledger breach coverage. Those stories were different in their mechanics, but both fed the same market worry: users do not distinguish neatly between a compromised device, a compromised PC, and a convincing fake app.

Market snapshot: Bitcoin traded near $71,163 on March 25, up about 1.1% over 24 hours, with roughly $41.3 billion in volume and a daily range of about $68,970 to $71,300. Ether changed hands near $2,167, up about 1.3%, suggesting traders treated the story as a user-security problem rather than a protocol-level shock.

Fake Wallet Apps Keep Attacking the Desktop Layer

On March 22, Dark Web Informer flagged a listing on X for a “Ledger Windows Desktop Sniffer” that allegedly kills the legitimate Ledger process, launches a fake app, sends Telegram notifications, checks default installation paths, persists on startup, and is advertised for $400. Daily Crypto Briefs could not independently verify the listing or review a public malware sample tied to it.

Even so, the mechanics fit a familiar playbook. Attackers do not need to defeat a secure element first if they can control the computer, swap in a convincing wallet window, or trick the victim into typing recovery words into a fake prompt that looks like a normal update or support step.

That is what makes the desktop layer so dangerous for ordinary users. Hardware-wallet attacks that require lab gear and physical possession get attention, but fake wallet software scales much more easily because it targets the human sitting in front of the screen rather than the chip inside the device.

Key Management Is Still the Real Security Boundary

The point too many users miss is that the seed phrase, wallet backup, or recovery words are the real key to the funds. A PIN protects local access, and a hardware wallet helps isolate signing, but once a user hands over the backup words or keeps digital copies that can be stolen, the scammer no longer needs the device.

For readers who need a refresher on why the private key is the crown jewel and the hardware wallet is only one protective layer, our guide to cryptographic keys and digital signatures is the right place to start. The more clearly users understand what actually controls the wallet, the less likely they are to surrender it in a moment of panic.

Trezor’s guidance also warns that unsolicited texts, WhatsApp messages, phone calls, and even postal letters should be treated as phishing attempts. The rule that matters most is simpler than any brand campaign: no legitimate wallet company needs your recovery phrase to help you.

Ledger and Trezor Face Another Trust Test

Both brands are likely headed for more PR and more user education, not less. Fake-app scares sit in the worst possible zone for self-custody companies because the technical nuance disappears fast and the public headline becomes some version of “hardware wallet hacked,” even when the underlying failure happened on the compromised PC or in the victim’s own handling of recovery words.

The next thing worth watching is not just whether the March 22 listing proves real at scale. It is whether vendors issue fresh advisories, whether researchers publish hashes or detections, and whether scams keep converging around users with poor backup habits or weak desktop hygiene.

What remains unclear is how widely this latest listing has been deployed, whether it has already produced confirmed victims, and whether it directly targets both ecosystems with the same executable or mainly rides Ledger branding while pitching itself more broadly to hardware-wallet users. Until those details are public, the most relevant conclusion is not that self-custody is broken. It is that self-custody still fails fastest when people do not understand how to manage their keys.

Stay up to date

Get the latest crypto insights delivered to your inbox

Primary sources and further reading

Source Title
ic3.gov logo ic3.gov
FBI Internet Crime Complaint Center: 2024 IC3 Report
trezor.io logo trezor.io
Trezor Learn: Scams and phishing
ledger.com logo ledger.com
Ledger: Ongoing phishing campaigns
x.com logo x.com
Dark Web Informer on X: threat actor selling wallet sniffers for Ledger and Trezor users

Fact-checked by: Daily Crypto Briefs Fact-Check Desk

Frequently Asked Questions

What does the $9.3 billion crypto scam figure refer to?

It refers to crypto-related losses reported in the FBI's 2024 IC3 report, which said complaints mentioning cryptocurrency reached 149,686 and losses rose to more than $9.3 billion.

Are fake wallet apps more dangerous than hardware-wallet exploits for most users?

For most retail users, yes. A fake wallet app or spoofed support flow can capture recovery words or trick users into dangerous actions without breaking the hardware wallet itself.

Why does key management matter so much in crypto scams?

Because the recovery phrase or wallet backup is the real key to the funds. Anyone who gets it can often restore the wallet elsewhere and move assets without the physical device.

Can a hardware wallet protect me if I type my seed phrase into a fake app?

No. Once recovery words are entered into a fake app, website, or chat flow, the attacker may be able to recreate the wallet and drain the funds.

What should Ledger and Trezor users do right now?

Use only official wallet software, avoid remote-access support sessions, keep recovery words offline, and treat any request for a seed phrase or backup verification as a scam.