Trezor Warns Users of Phishing Scam via Compromised Support Form

Trezor, a prominent manufacturer of crypto hardware wallets, has issued a warning to its users regarding a phishing scam that exploited its customer support form. The company revealed that attackers submitted fraudulent queries through its contact form using compromised email addresses, which triggered automated responses that appeared to originate from Trezor support. These responses were then used to deliver phishing messages, urging users to disclose their wallet backups.

Trezor emphasized the legitimacy of these scam emails, cautioning users to never share their wallet backups, as they must remain private and offline. The company reiterated that Trezor will never request a user's wallet backup. The issue has been contained, and no internal data or email systems were compromised. The contact form remains safe to use, but the attackers likely utilized addresses gathered from older data leaks to execute the scheme.

Trezor is actively researching ways to prevent future abuse, stressing that security is an ongoing process and urging users to stay vigilant. This is not the first time Trezor has faced an email-based attack. In 2022, a breach of its newsletter provider led to a phishing campaign that tricked users into downloading malware disguised as a Trezor firmware update.

Other major players in the crypto wallet space have also encountered similar issues. In 2020, Ledger experienced a data leak that exposed customer emails and phone numbers, resulting in a wave of phishing attempts that continue to this day. Wallet providers like MetaMask and Trust Wallet have also warned about fake support agents targeting users via various platforms, including email, Discord, Telegram, and social media.

The broader crypto space remains a prime target for phishing campaigns. In a recent incident, a victim lost $2.6 million in stablecoins in two separate phishing incidents within a span of just three hours. Attackers are increasingly relying on creative entry points, such as fake wallet apps, pop-up ads, and even postal letters impersonating security notices.

Earlier this week, a malicious bannerBANR-- was removed from a prominent crypto platform that prompted users to “verify” wallets via a suspicious link. The platform also confirmed a brief security lapse that allowed a scam airdrop ad to appear on its homepage, which has since been removed.