Trezor informed users about a new phishing campaign that exploited its contact form to send fraudulent emails. The attack was carried out using compromised email addresses.
Description of the Phishing Attack
Trezor announced that attackers submitted fake inquiries through the contact form using compromised email addresses. This triggered automated responses that appeared to be from Trezor support. These messages asked users to reveal their wallet backups. Trezor stated, "These scam emails appear legitimate but are a phishing attempt."
Safety Measures from Trezor
Trezor emphasized that the issue has now been contained and that neither its internal data nor its email systems were breached. "NEVER share your wallet backup — it must always stay private and offline. Trezor will never ask for your wallet backup," the company noted. Additionally, Trezor is actively researching ways to prevent future abuses and advises users to stay vigilant.
History of Phishing Attacks in the Crypto Industry
This is not the first time Trezor has dealt with an email-based attack. In 2022, a breach of its newsletter provider Mailchimp led to a phishing campaign that tricked users into downloading malware disguised as a Trezor firmware update. Other major players in the crypto wallet space, such as Ledger, faced similar issues with data leaks in 2020.
Phishing attacks remain a persistent threat to cryptocurrency users. Trezor and other companies continue to work on improving security and protecting users from fraudulent schemes.