Trezor Warns Users After Phishing Attack Exploits Contact Form

On June 23, 2025, Trezor issued a public security alert regarding a recent phishing attack. Attackers exploited the Trezor website contact form to send fake emails. These phishing emails pretended to be legitimate replies from the Trezor support team. The goal was to deceive users into sharing sensitive wallet information. Trezor emphasized it would never ask users for their wallet backups. Users were strongly advised to keep backups offline and private to avoid risks. Although the problem was contained quickly, the company urged vigilance against ongoing crypto phishing attacks.

Attackers Abused Auto-Reply System Without Breaching Infrastructure

Trezor provided details about the crypto phishing attack on its official social media channels. Attackers submitted false support requests using email addresses belonging to real users. This tricked the Trezor support auto-reply system into sending responses appearing to be genuine support emails. Despite this, Trezor confirmed its email systems had not been compromised in any way. The contact form infrastructure remained secure, though vulnerable to this type of abuse. We’re actively researching ways to prevent future abuse, said Trezor. Users were reminded never to enter recovery seeds into websites or forms.

Users to Never Share Wallet Backups and Use Official Trezor Support Channels

On X (formerly Twitter), a user named Emzy said, “I also got that email,” highlighting the attack’s reach. Trezor responded to users publicly: “Never share your wallet backup (seed) with anyone.” The company stated users should only enter their seed phrase into their physical Trezor device. Any request for a recovery seed is fraudulent and indicates a scam. Trezor also urged users to contact official support through verified channels such as their chatbot Hal.

Warning Against Voice Phishing and Impersonation, and Fake Social Profiles

Beyond email phishing, Trezor warned about other crypto scam tactics, including voice phishing or “vishing.” Scammers might call users pretending to be Trezor or other wallet providers. During these calls, attackers often request wallet backups or login credentials. Trezor advised users to immediately hang up if they receive such suspicious calls. “If someone calls you claiming to be from a crypto company, assume it’s a scam,” the company stated clearly. Disclosing wallet backups in these situations gives scammers full access to users’ funds.

The attackers’ crypto scam methods also include fake social media profiles, urgent warnings, and links to malicious websites. Even emails that look professional and well-written can be deceptive. Trezor reminded users that wallet recovery requires physical confirmation directly on their device’s screen. Users must only follow instructions shown on their Trezor device itself. “Never share your 12-word, 20-word, or 24-word wallet backup,” the alert emphasized. Exposing these words can cause irreversible losses for the user.

Verify Emails Carefully and Protect Wallet Backups at All Times

Users should be skeptical of unexpected emails and carefully check sender addresses. They should avoid clicking on suspicious or unknown links. Watching for grammar errors helps, but attackers may now use AI to mimic natural language flawlessly. Trezor stressed that official support will never request private information from users. The company concluded that users bear responsibility for protecting their crypto assets and must stay alert.