Quantum emergency scam on Coinkite hardware wallets

[Antotena]

There is a new wave of Quantum scam going around with users that has their mail compromised through some companies. A user wrote some hours ago that he received a mail letter sent by Coinkite[fake], company behind Coldcard wallet to upgrade his seed security and update firmware to protect his wallet against Quantum attack. The mail letter looks too official, address and name was well composed to look convincing and real but it's scam.

The company behind Coldcard hardware wallet was asked if there is customers data leak but they claimed there was nothing of such. There could be a data leak somewhere or Coinkite doesn't want to admit to leakage of personal data.









Source: https://x.com/coinjoined/status/2031365984368345111

I expect more scams to come through this form, even the ledger that has data leaks will start to receive this scam, be at alert incase you have there hardware wallet.

[Charles-Tim]

First way to know this is a scam is because quantum computers are not yet a threat. The second is that you can check the link for the update, the link will be different from the official link, and that means the link is a link that belongs to scammers. This kind of phishing attack is common to Ledger Nano users.

If there are more users that is complain about this, the email of the people that bought the wallet directly from the company could have been leaked.

[joniboini]

I guess email scams are so common that they have started using postcards to scam people now. I think this is the third or fourth news related to phishing scams I've seen this year. Interestingly, I haven't seen the same attack being used in my country. Most of them seem to target WA or other social media users instead. Either the number of buyers from the official shop is too small, or the cost to attack is too high for whatever reason.

[dkbit98]

What I don't understand is how scammers know the physical addresses of c0ldcard device owner.
I don't remember any c0ldcard leak was released in public, and he didn't say if he actually owns c0ldcard wallet or not.
On first sign I would probably say this is coming from ledger leak, but I don't trust anything coming from NVK lunatic.

[Jwest]

Honestly, stuff like the quantum emergency scam can sound scary, but most of the time it’s just a trick to steal your crypto. Here’s how I handle it:

1. Only trust info from the official Coinkite site or verified accounts.

2. Never share your seed phrase, no update or warning will ever ask for it.

3. Don’t click random links or scan QR codes from messages you didn’t expect.

4. Only do firmware updates through your wallet’s official process.

5. If something seems urgent or freaky, pause and check it out before doing anything.

At the end of the day, your wallet is secure, but your own caution is what really keeps your coins safe

[salad daging]

This postal attack is exactly the same as the Trezor case, where someone receives a letter from the post sent by a scammer. Snail Mail Attack: Trezor/Ledger customers be aware

This is the second time I've seen a case of mail fraud, but it may seem legitimate to the scammers, especially since the mail looks official with a QR code and signature.

Perhaps this method is now more widely seen, although phishing sites sent via email still continue to exist. Stay careful

[Amphenomenon]

First way to know this is a scam is because quantum computers are not yet a threat. The second is that you can check the link for the update, the link will be different from the official link, and that means the link is a link that belongs to scammers. This kind of phishing attack is common to Ledger Nano users.

True but many have a fear of this and prying on this will give hackers leverage often to get more victims, a part of social engineering approach.
We have seen many especially newbies asked questions about quantum computers breaking wallet but in an actual sense that's not the case yet it shows how many are thinking and I'm not surprised attackers are leveraging on this.

If there are more users that is complain about this, the email of the people that bought the wallet directly from the company could have been leaked.

There are ways to identify if a person is using a service often obvious for many since the majority are not privacy cautious or still leave much trace based on what they leave while having conversation also but if many customers suffers from the same fate like you said then it id safe to push the breach more likely on them.

[PrivacyG]

It only really takes one such company who does not know much about Bitcoin but are holding some, they will easily fall for the Scam.  Hopefully, there are none that do.  It would actually be embarrassing to publicly announce that.

-----

First way to know this is a scam is because quantum computers are not yet a threat.

The problem here is.  Most people think they are a significant threat actually.

[Outhue]

It looks confusing enough but what you are asked to do bursted the scam up, why would you ask people to upgrade seed security? By doing what exactly? It makes no single sense because recovery seeds don't need fixing, they are the way they are and if leaked it's gone already, there is no fixing for recovery seed, they should try harder next time.

Many people know what recovery seed is but they don't understand it completely.

Recovery seed is your one way key, they don't need any fixing.
Stop trusting email messages, even if the mail is from the company that sold the hardware wallet to you do not trust them, what if it's an inside job by one of their workers?

The day you bought your hardware wallet should be the last day you have anything to do with the company, the device is working as it should? Cool, that's the end. Keep your recovery seed like it's your last chance to heaven, that's all there is to do.

[KingsDen]

First way to know this is a scam is because quantum computers are not yet a threat. The second is that you can check the link for the update, the link will be different from the official link, and that means the link is a link that belongs to scammers. This kind of phishing attack is common to Ledger Nano users.

If there are more users that is complain about this, the email of the people that bought the wallet directly from the company could have been leaked.

Imagine that the quantum computers is not yet a threat and might no be in a few years but then scammers are using it to rip people already. I just wish this quantum speculations remain a myth or theoretical. If it eventually manifests with the way it is projected, it will create alot of disaster in the cryptocurrency industry.

Concerning writing a good and what looks like an official letter, that is not something difficult to do since we now have personal assistance called AI. It is important to weary everytime you are going to click and untrusted link.

[knowngunman]

It's already going viral. Some other people confirmed receiving the same letter in the comments section under that tweet.

I wish I could read the letter to understand better their trick language but unfortunately, I can't read that language. I don't even know which language it was talk more of reading.

Unless there are undeniable evidence, companies will never admit that customers data is being compromised and sensitive data leaked to other parties.

As cheap as this trick is, gullible people can still fall into this trap and giveaway their coin to scammers. It seems some scammers now run out of ideas because what the hell seed security upgrade suppose to mean?