Apparently if I don't scan this (totally legitimate) QR code by June 30th, the quantum computer boogeyman is going to come after my sats.
I have to hand it to these guys, they really know what they're doing and it honestly makes me feel uncomfortable how much info they have on me. They even knew I owned a Coldcard. The question is how? Did Coinkite db just got hack?
By sending physical letters through snail mail to protect an air-gapped wallet from future quantum threats like true cypherpunks is peak comedy, especially when their cutting-edge security solution is just telling me to scan a sketchy QR code with my phone.
Just a heads up for anyone else who gets this, it’s a highly targeted physical phishing campaign (probably from an old database leak like Ledger or a shop breach). Coinkite is never going to mail you a letter asking you to scan a code or sync your device.
Remember, stay safe and don’t scan or open any links. Keep your keys offline!
Your instinct on the old database is right, and the part worth sitting with is the time lag. The Ledger dump is from 2020 and it is still generating targeted mail in 2026, because breach data does not decay, it gets cross-referenced with newer leaks and resold. The air gap protected the keys, but the purchase linked your name, address, and "owns a hardware wallet" years before any of that mattered. That linkage is the one thing you cannot rotate. Safer to treat any KYC hardware buy as already a permanent line in someone's targeting list, and compartment future purchases on that assumption.
Where does the QR point to?