Phishers began disguising themselves as tax officials to steal seed phrases, 2026/04/30 16:55:01


Researchers from the Russian “Kaspersky Lab” have reported the emergence of websites that mimic tax authorities in Germany, France, Austria, Switzerland, Brazil, Chile, and Colombia. Fraudsters are attempting to extract seed phrases from traders to gain access to cryptocurrency addresses.

Kaspersky Lab identified phishing schemes targeting German and French crypto traders as particularly aggressive. Hackers inform cryptocurrency owners that, under European Union law, they are required to “verify digital assets,” or face fines of up to 1 million euros ($1.1 million).

Victims are redirected to sites whose interfaces replicate those of legitimate tax services—such as the German ELSTER portal for electronic tax submissions or the French Ministry of Economy and Finance website. Users are persuaded that by completing the verification process, their cryptocurrency earnings will not be taxed. The site requests the seed phrase from potential victims. Once obtained, the attackers gain full control over the funds. If individuals refuse to provide confidential information, they are threatened with legal action.

Fake German websites typically target users of hardware wallets like Ledger and Trezor, as well as Trust Wallet, MetaMask, and Phantom, in addition to clients of the American cryptocurrency exchange Coinbase. French clone websites attempt to defraud users of MetaMask, Binance, Coinbase, Trust Wallet, and WalletConnect, as reported by Kaspersky.

Phishers become particularly active during tax filing periods. Kaspersky discovered a fraudulent site in Chile that promised taxpayers a tax refund of $375, but in reality, funds were being withdrawn directly from bank cards. In Colombia, creators of fake websites masquerading as government portals tricked individuals into downloading ZIP files and installing malicious software on their devices. In Brazil, scammers set up websites claiming to assist with tax submissions. It was found that these phishing portals collect names, phone numbers, birth dates, mailing addresses, email addresses, and taxpayer identification numbers (TIN).

Kaspersky specialists assert that with the collected data, fraudsters can take out loans in individuals’ names, hack accounts on government portals, and extort access to cryptocurrency wallets. Kaspersky experts clarified that legitimate tax authorities will never request seed phrases from crypto wallets, and government agencies do not have any portals for wallet verification.

Recently, Ledger issued a warning about scammers sending emails purportedly from Ledger support that urgently request users to install a critical security update. Ledger stated that it will not ask clients for confidential information.