Trezor Confirms Phishing Attack Abused Contact Form to Trick Users Into Revealing Wallet Recovery Phrases

Hackers Exploit Trezor’s Support Form to Send Fake Emails Posing as Official Support

A new wave of phishing emails has emerged after attackers found a new way to impersonate the Trezor support team—by abusing the company’s own online contact form.

The trick was simple but effective: cybercriminals submitted fake support queries using victims’ email addresses, triggering automated replies from Trezor’s system.

These replies looked official, giving scammers a false layer of credibility to follow up with phishing attempts.

The emails urged recipients to share their wallet backup—an alarming red flag for any crypto user.

Trezor moved quickly to contain the situation, reassuring its users that while the emails may look real, they are part of a scam.

The company confirmed its systems were not breached and no user data was leaked directly from its end.

Trezor Warns: We Will Never Ask for Your Wallet Backup

In a public statement posted on its official X account on 23 June 2025, Trezor clarified the phishing tactic and reminded users of a core security principle:

“These fraudulent emails may look authentic but are phishing attempts. Never share your wallet backup — it must remain private and offline. Trezor will never ask for your wallet backup.”

The hardware wallet firm added that the issue had been swiftly contained and the exploited contact form is still considered “safe and secure.”

It attributed the attackers' access to victims' email addresses to likely previous data breaches from unrelated platforms, not a leak from Trezor itself.

Recycled Email Breaches Fuel New Scams

This isn’t the first time email-based attacks have targeted Trezor users.

In March 2022, a compromise at email provider Mailchimp led to phishing emails sent out disguised as official Trezor communications.

In both cases, scammers exploited previously exposed email addresses to impersonate the brand and trick users into handing over sensitive data.

Trezor said it is now “actively exploring ways to prevent future abuse,” calling the incident a reminder that “security is a continuous process.”

Crypto Sites Targeted in Recent Phishing Spree

The Trezor incident follows a spate of phishing attacks on major crypto platforms.

In recent days, CoinMarketCap was briefly compromised by a token drainer pop-up urging users to verify wallets.

Cointelegraph, meanwhile, faced a banner system hijack that displayed a fake airdrop promotion on its website.

Both attacks have since been resolved with new safeguards put in place.

These tactics reflect a broader trend in phishing—one that increasingly mimics official support channels to disarm victims.

Phishing Is Evolving. Are Crypto Users Ready?

This episode shows just how easily trust in a system can be weaponised.

A basic automated email—harmless in most contexts—can turn into bait when paired with stolen identities.

It’s a sharp reminder that in crypto, security isn’t just about tech; it’s about how humans respond under pressure.

When “official” messages can be faked with such ease, staying cautious isn’t optional—it’s survival.