Trezor Issues Security Alert After Phishing Attack Exploits Support System

Coin World | Monday, Jun 23, 2025 4:37 pm ET

Trezor, a prominent hardware wallet provider, has issued an urgent security alert following a sophisticated phishing attack that exploited its support contact form. The attack involved scammers submitting fake support requests using email addresses associated with real users, which triggered automated replies from Trezor's support system. These replies, appearing as legitimate Trezor support messages, were used to send phishing emails to users, urging them to reveal their wallet backup information.

The company clarified that there was no breach of its internal email system or third-party compromise. Instead, attackers leveraged Trezor’s automated response system to send out the phishing emails. The phishing scheme cleverly avoided traditional hacking methods by exploiting Trezor’s customer service infrastructure from the outside. Attackers submitted fake support requests through Trezor’s contact form using the email addresses of targeted users, triggering automated replies from the company’s legitimate support system. These automated responses became the perfect vehicle for the scam, appearing entirely authentic because they were generated by Trezor’s actual systems rather than spoofed external sources.
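One mitigation for this kind of auto-reply abuse, as an added example that is not Trezor's code: the acknowledgement is built from fixed text only, and a regression check flags any outgoing reply that reflects submitted text. It assumes (the article does not say so) that submitted fields such as the subject reached the automated reply; all names, addresses and the sample submission are hypothetical.

```python
import re
import secrets
from email.message import EmailMessage

# Hypothetical names and values, chosen for this example only.
SUPPORT_FROM = "support@example.com"
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
FIXED_SUBJECT = "We received your support request"
FIXED_BODY = (
    "We received a support request for this address (reference {ref}).\n"
    "If you did not submit it, ignore this message.\n"
    "Support will never ask for your wallet backup.\n"
)

def build_auto_reply(form):
    """Build the acknowledgement; the address is the only submitted field used."""
    addr = form.get("email", "").strip()
    if not ADDR_RE.fullmatch(addr):  # also rejects embedded CR/LF (header injection)
        raise ValueError("invalid address")
    ref = secrets.token_hex(4)
    msg = EmailMessage()
    msg["From"] = SUPPORT_FROM
    msg["To"] = addr
    msg["Subject"] = f"{FIXED_SUBJECT} [{ref}]"
    msg.set_content(FIXED_BODY.format(ref=ref))
    return msg

def reflects_submission(msg, form, min_len=12):
    """Regression check: True if any min_len-character run of submitted text
    appears in the outgoing subject or body (shorter fields are not checked)."""
    outgoing = (msg["Subject"] + "\n" + msg.get_content()).lower()
    for field in ("name", "subject", "message"):
        text = form.get(field, "").lower()
        for i in range(max(len(text) - min_len + 1, 0)):
            if text[i:i + min_len] in outgoing:
                return True
    return False

# Constructed sample submission: every field is chosen by the submitter.
SAMPLE_FORM = {
    "email": "user@example.org",
    "name": "Account Security Team",
    "subject": "Action required: confirm your recovery details",
    "message": "Reply with your recovery details to keep access.",
}
```

Running `reflects_submission` over the autoresponder's output in a test suite catches a template change that starts echoing form fields again.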

Trezor quickly contained the exploit and emphasized that its core security protocols remained intact throughout the incident. The company is actively researching additional safeguards to prevent future abuse of its support infrastructure. The incident highlights the growing concern about attackers targeting trusted crypto platforms’ infrastructure and communication channels rather than attempting direct breaches. The common goal is to trick users into sharing wallet backups, private keys, or trading credentials through convincing social engineering tactics.

This incident is part of a broader wave of phishing attacks targeting major players in the crypto industry. Just two days before the Trezor attack, CoinMarketCap experienced a similar exploit in which malicious code was injected to display phishing pop-ups prompting users to “Verify Wallet.” The resulting phishing attempts compromised 76 accounts, with total losses exceeding $21,000. Around the same time, Cointelegraph also confirmed a front-end compromise that displayed fake token airdrop promotions designed to trick users into connecting their wallets.

Similar sophisticated phishing campaigns have been seen in recent months, including a wave of fake emails sent to Coinbase and Gemini users in March falsely claiming that users needed to migrate their funds to self-custody wallets due to a supposed court ruling. Back in April, the JFrog Security Research team also reported a malicious Python package designed to steal API keys and credentials from traders using the MEXC exchange. It mimicked the legitimate CCXT library and intercepted crypto trading data by redirecting API requests to a fake server.

These incidents underscore the evolving tactics of cybercriminals in the crypto space, who are increasingly targeting trusted platforms’ infrastructure and communication channels. The Trezor incident serves as a reminder for users to remain vigilant and never share their wallet backup information, as legitimate support from hardware wallet providers will never request such sensitive data. Trezor’s prompt response and containment of the exploit demonstrate the company’s commitment to user security, but the incident also highlights the need for continuous improvement in safeguarding against such sophisticated attacks.