Trezor Users Targeted in Phishing Scam—Stay Alert

Key Points:

• Attackers used Trezor’s contact form to send phishing emails disguised as support replies.
• Trezor confirms no system breach occurred; scam exploited auto-replies to legitimate-looking requests.
• Users are urged never to share wallet backups and report any suspicious messages immediately.

Trezor has issued a warning about a recent phishing attempt where attackers exploited the company’s support contact form. The attackers used legitimate-looking emails disguised as Trezor support replies to target users. These scam messages were designed to appear authentic but were intended to steal wallet backups.

According to Trezor, there was no breach of their email systems. The company confirmed that the contact form itself was not compromised. Instead, attackers submitted requests on behalf of real user addresses, which triggered the system’s automated reply. This reply looked like a genuine message from Trezor support.

Trezor Says the Issue Is Contained

Trezor stated that the issue has been “contained” and reassured users that their systems remain secure. In a follow-up post, the company said, 

“Our contact form remains safe and secure. We’re actively researching ways to prevent future abuse.”

The company stressed that users must never share their wallet backups. 

“Trezor will never ask for your wallet backup,” it warned. 

Backups should only be entered into the physical Trezor device, never online.

Users Report Receiving Scam Emails

Users reported receiving the scam emails. One user, Emzy, confirmed this on X, saying, “I also got that email.” Trezor responded quickly, advising users to ignore the message and not interact with it.

Trezor also shared safety recommendations, reminding users to stay cautious. The company said, 

“Never share your wallet backup (seed) with anyone.” 

Users are encouraged to remain alert and report suspicious messages.