Trezor Warns Users of Phishing Scam Targeting Support System

Introduction

On June 23, 2025, Trezor, a leading cryptocurrency hardware wallet provider, issued an urgent security alert after attackers exploited its customer support system to send phishing emails disguised as legitimate Trezor communications. The incident, which did not involve a breach of user data or email systems, highlights the ongoing challenges of securing crypto assets against sophisticated scams. As Trezor works to contain the issue, users are urged to stay vigilant to protect their digital wealth.

Exploitation of Trezor’s Support System

Trezor confirmed that attackers manipulated its public contact form by submitting fraudulent queries using email addresses of actual users, triggering automated replies that appeared to come from Trezor’s support team. These phishing emails, designed to look authentic, urged recipients to share their wallet backup (recovery seed phrases), which could grant attackers access to users’ cryptocurrency holdings. Trezor emphasized that it never requests wallet backups and that such requests are a clear sign of a scam. The company quickly contained the issue, ensuring no unauthorized access to its email systems occurred.

User Guidance to Avoid Phishing Attacks

In response to the incident, Trezor issued a public statement on its official X account, advising users to never share their wallet backup, which must remain private and offline. The company also shared resources on common scammer tactics, such as impersonating support agents and requesting sensitive information like seed phrases, login credentials, or two-factor authentication codes. Users are encouraged to verify communications through official Trezor channels, such as the Trezor Suite app or the website (https://trezor.io), and to bookmark legitimate sites to avoid phishing links.

Trezor’s Ongoing Security Commitment

Trezor clarified that the incident did not compromise user funds or the security of its hardware wallets, which remain protected by features like PIN encryption and offline storage of private keys. The company is actively researching safeguards to prevent future misuse of its support system. Trezor’s hardware wallets, including models like the Safe 5 and Model T, use open-source designs and secure elements to protect against attacks, though past vulnerabilities in older models, such as the Safe 3, have been noted by researchers like Ledger’s Donjon team. Trezor’s swift response and transparency reflect its commitment to user security.

Broader Context of Crypto Security Threats

This incident occurs amid a surge in cryptocurrency-related cyberattacks. For example, a pro-Israeli hacking group, Predatory Sparrow, recently claimed responsibility for attacks on Iranian targets, including draining $90 million from Nobitex, Iran’s largest crypto exchange. Phishing campaigns targeting crypto users have risen significantly, with a 40% increase reported in 2022. Trezor’s history of addressing security issues, such as a 2024 data breach affecting 66,000 users’ contact details, underscores the persistent risks in the crypto space and the importance of user vigilance.

Conclusion: Staying Safe in a High-Risk Landscape

Trezor’s rapid response to the phishing scam targeting its support system demonstrates its dedication to protecting users, but it also serves as a stark reminder of the evolving threats in the cryptocurrency world. By reinforcing best practices—never sharing recovery seed phrases, verifying communications, and using official channels—Trezor empowers users to safeguard their assets. As phishing attacks grow more sophisticated, this incident highlights the critical need for awareness and proactive security measures to ensure the safety of digital wealth.