A recent phishing attack targeted Trezor by exploiting its support form to send fraudulent emails to users.
The company has confirmed that the scammers forwarded false requests using real users’ email addresses; consequently, the system generated apparently legitimate automatic responses.
These emails, sent directly from the Trezor system, were used to request the sharing of the wallet backup, a key element for accessing users’ funds.
How the exploit of Trezor’s contact form occurred
The hackers did not directly breach Trezor’s internal systems or email servers. Instead, they used an automatic response mechanism linked to the company’s public contact form. By sending fake requests from stolen or impersonated email addresses, they triggered legitimate support responses, capable of deceiving users because they came from an official channel.
- Support form: it remains safe and secure for legitimate requests, but it was abused through the submission of false requests.
- Automated responses: they became the vehicle for the phishing, simulating authentic communications.
- Phishing for sensitive information: users were invited to provide the seed phrase or wallet backup, data that should never be shared.
The official position of Trezor
Trezor has firmly clarified that “there was no email breach” and that the incident was limited to the fraudulent use of an external interface. The company also warned with a message on its social channel X: “NEVER share your wallet backup—it must always stay private and offline. Trezor will never ask for your wallet backup.” This helped to raise the community’s awareness of the importance of personal security.
Here is what happened
There was no email breach.
Attackers contacted our support on behalf of the affected addresses, triggering an automatic reply as a legitimate Trezor support message.
Our contact form remains safe and secure.
We are actively researching ways to prevent future…
— Trezor (@Trezor) June 23, 2025
Containment and strategies to prevent new vulnerabilities
Immediately after the alert, Trezor stated that the exploit has been contained. The company is studying stricter procedures to limit any possible future abuse of the support system. The focus is on implementing more sophisticated filters and controls to prevent unauthorized requests from triggering harmful automatic responses.
Despite the severity of this attack, Trezor’s fundamental security protocols remained intact, confirming the robustness of the company’s infrastructure. This situation serves as a warning for the entire crypto community to rigorously monitor communications and interactions with services.
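The kind of control discussed above, as an added example that is not Trezor's code: an auto-acknowledgement for a public contact form that never reflects submitted text, limits replies per recipient address, and opens a ticket only after the address owner confirms. The page does not describe how Trezor's responder is built; the function names, the `support.example` URL, the demo key and the one-reply-per-day limit are all assumptions.

```python
import hashlib
import hmac
import time
from collections import defaultdict, deque

SECRET = b"constructed-demo-key"   # assumption: placeholder, load from a secret store
WINDOW_SECONDS = 86400             # assumption: rate-limit window of one day
MAX_ACKS_PER_WINDOW = 1            # assumption: one auto-reply per address per window

# Fixed template: nothing typed into the form can appear in the outgoing email.
FIXED_ACK = ("A support request was submitted with this email address. "
             "If this was not you, ignore this message and no ticket is opened. "
             "To open the ticket, confirm here: {link}")

_sent = defaultdict(deque)         # recipient address -> timestamps of sent replies


def confirm_token(addr, ticket_id):
    """HMAC binding the ticket to the address; only the mailbox owner receives it."""
    msg = f"{addr}|{ticket_id}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:32]


def build_auto_reply(addr, ticket_id, submitted_subject, submitted_body, now=None):
    """Return the reply body to send, or None when the reply is suppressed."""
    now = time.time() if now is None else now
    addr = addr.strip().lower()
    sent = _sent[addr]
    while sent and now - sent[0] > WINDOW_SECONDS:
        sent.popleft()             # forget replies older than the window
    if len(sent) >= MAX_ACKS_PER_WINDOW:
        return None                # the unverified sender cannot make us mail again
    sent.append(now)
    # submitted_subject and submitted_body are deliberately never reflected.
    link = (f"https://support.example/confirm?t={ticket_id}"
            f"&k={confirm_token(addr, ticket_id)}")
    return FIXED_ACK.format(link=link)


def ticket_may_be_opened(addr, ticket_id, presented_token):
    """Agents see and answer the ticket only after the owner presents the token."""
    expected = confirm_token(addr.strip().lower(), ticket_id)
    return hmac.compare_digest(expected, presented_token)
```
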
The context of the increasing phishing attacks in the crypto sector
The Trezor case fits into a broader increase in phishing attacks targeting crypto platforms and users. Just a few days earlier, CoinMarketCap suffered a similar exploit that injected malicious code displaying fake wallet verification pop-ups. This attack led to losses of over $21,000 across 76 compromised accounts.
In parallel, Cointelegraph reported a front-end compromise with fake airdrop promotions, aimed at deceiving users into connecting their wallets and facilitating asset theft. These incidents confirm a trend towards more sophisticated scams, where official channels are manipulated, increasing user trust and thus the likelihood of successful scams.
Other recent campaigns and targeted attacks
- March 2025: sending fake emails to Coinbase and Gemini users to push them to migrate funds to self-custody wallets.
- April 2025: discovery by JFrog of a malicious Python package “disguised” as a legitimate library, focused on stealing API keys and credentials of crypto traders.
These episodes indicate that attacks now rely less on traditional malware and more on social engineering and the abuse of legitimate communication infrastructure to deceive users and capture crucial information such as backups and private keys.
Implications for users and security tips
The attack on Trezor demonstrates how security in the crypto world does not depend solely on the technical robustness of the systems, but also on the ability of users to recognize phishing attempts. The request to send the wallet backup or the seed phrase is always a warning signal.
To protect themselves, users must follow some fundamental rules:
- Never share the wallet backup;
- Beware of emails or messages that request sensitive data;
- Always verify the authenticity of communications by contacting the official channels;
- Keep software and security devices updated;
- Be aware of the risks associated with social engineering.
Trezor itself is working to further strengthen security and prevent similar vulnerabilities in the future.
Future prospects and resilience of the crypto sector
Despite the dramatic nature of the latest events, the crypto sector shows a growing focus on cybersecurity and user protection. Incidents like the one with Trezor serve to improve protocols and increase collective awareness.
The continuous evolution of attack techniques stimulates the search for more effective solutions, from the introduction of advanced anti-fraud systems to greater user education. Consequently, trust in the sector remains an achievable goal as long as coordinated and proactive strategies are adopted.
In conclusion, staying on guard against phishing and other abuse attempts is essential to protect both users and the integrity of the platforms. The security of digital resources depends on the collaboration between companies and the community, with a constant focus on prevention and innovation.
Source: https://en.cryptonomist.ch/2025/06/24/trezor-under-phishing-attack-maximum-alert/