Trezor, a leading manufacturer of hardware cryptocurrency wallets, has issued an urgent alert to its users about a sophisticated phishing campaign that abused its automated support system to send deceptive emails. Attackers exploited Trezor’s public contact form by submitting support requests using real users’ email addresses—likely obtained from previous data breaches—which triggered legitimate-looking automated replies from Trezor’s support system.
Trezor is a pioneer in the hardware wallet industry, developed by SatoshiLabs, and is designed to provide secure, offline storage (cold storage) for cryptocurrencies. Unlike software wallets or online exchanges, Trezor devices keep your private keys offline, protecting your digital assets from online hacks and breaches.
These scam emails appeared to come from official Trezor support channels and requested sensitive information such as wallet backups or seed phrases. Trezor emphasized that it never asks users for their wallet backup and that such information must always remain private and offline. The company clarified that this incident did not involve a breach of its internal email systems; rather, the attackers manipulated the support form’s automated response feature to deliver phishing messages.
Trezor has stated that the issue has been contained and that its contact form remains safe and secure for legitimate use. The company is actively researching additional safeguards to prevent future abuse of its support infrastructure and is urging users to remain vigilant against suspicious communications, especially those asking for sensitive wallet information. This incident highlights the growing risk of phishing attacks targeting cryptocurrency users and the importance of double-checking the authenticity of support messages.
