Trezor Warns of Phishing Attack Exploiting Support Form

Highlights:

• By using Trezor’s website, hackers sent phishing emails in the form of support messages.
• Trezor ruled out a data leak but recommended that its users remain cautious.
• Phishing attempts aimed to access wallet backups using fake support responses.

Trezor, one of the most popular companies providing crypto hardware wallets, recently reported a phishing attack using the contact form of its website. The hackers made fake support requests with the email addresses of real users. This activated auto-responses that were similar to the support communications of Trezor. Such responses included phishing messages that were intended to deceive users into revealing their private wallet details.

Trezor also explained that it did not lose any data on its internal systems during the incident. The attack did not involve any backend infrastructure being breached. The auto-reply system, however, turned out to be a loophole, which was exploited by hackers to dismiss fraudulent messages. These emails seemed to be genuine and looked a lot like real support messages.

Important Update

We have identified a security issue where attackers abused our contact form to send scam emails appearing as legitimate Trezor support replies.

These scam emails appear legitimate but are a phishing attempt.

Remember, NEVER share your wallet backup — it must…

— Trezor (@Trezor) June 23, 2025

Moreover, the attackers targeted already compromised email addresses to carry out the attack. The incident raised concerns among the users who received such messages. Trezor has since contained the problem, and the contact form is back to its normal functionality. Nevertheless, the company cautioned that phishing threats are increasingly becoming advanced.

Tactics Used in the Phishing Scam

The phishing messages prompted users to share their recovery seed passwords. When shared, such backup phrases provide attackers with complete access to user wallets. To give authenticity to the messages, the attackers emulated Trezor support. Some users reported they had received such emails, deepening the urgency of the alert by Trezor.

Other popular scamming techniques were also employed by the hackers. These were false airdrop links, warnings, and prompts for users to connect to the malicious sites with their wallets. In some instances, the users were redirected to pages where they were asked to input their recovery keys. Besides email phishing, Trezor advised against voice phishing and impersonated accounts on social media. Moreover, the scammers have called the users pretending to be the support agents. Such calls usually consist of fake security warnings to encourage users to give out personal information.

The company has stressed that the wallet backup should be offline and confidential. Use of recovery phrases must be applied directly to Trezor devices. Trezor also made it clear that its team will never ask them to provide their seed phrases via email, phone, or online chat.

Security Measures and Continued Risks

Trezor stated that it is actively developing new measures to prevent misuse of its contact system. The firm has also instructed customers to confirm all support messages through official communication channels. Any messages that request sensitive data without prior warning should be treated suspiciously.

Although the attack is alarming, no user funds are reported to have been lost yet. Trezor advised its customers to be careful and not follow unknown links. Further, it suggested that users check sender addresses prior to responding to emails. The firm also reported to the customers on the need to use hardware device confirmation only in wallet operations. Transactions and other recovery processes should occur on a physical screen of the user. This precaution is taken to make phishing attacks ineffective in taking over access.

Recently, CoinMarketCap and Cointelegraph experienced separate front-end breaches. These hacks included phishing pop-ups, which were an imitation of authentic wallet connections. Furthermore, a combination of these events indicates an increasing trend of phishing attacks against crypto users, with numerous online tools.