Trezor Users Targeted in Phishing Scam via Automated Support System

Trezor users have been targeted in a phishing scam where attackers exploited a flaw in the company's automated support system. The scam involved attackers using Trezor’s contact form to send fake support emails that appeared legitimate, putting user funds at risk. The company clarified on 23 June that its internal systems had not been breached, but the manipulation of its automated processes enabled scammers to deceive recipients with authentic-looking messages.

The scam begins when bad actors submit fake queries through Trezor’s support form using the email addresses of their intended victims. This prompts an automatic support reply from Trezor’s system, giving the appearance of a legitimate communication from the company. Users receiving these emails are then urged to share sensitive information, such as their wallet backup or seed phrase — a classic phishing tactic. While Trezor’s systems remain uncompromised, the incident has raised significant concerns about the potential misuse of automated customer engagement tools.

Trezor posted on X (formerly Twitter) that the issue has been “contained” and said investigations are ongoing. The firm also added that additional safeguards are being implemented to prevent similar abuses of its platform. This incident follows an earlier security issue in January, where attackers accessed Trezor’s newsletter subscriber database. That attack involved the misuse of a third-party service to send emails that appeared to originate from the Trezor team, further underscoring the vulnerability of customer communication channels. In both cases, no direct access was gained to user wallets or internal databases, but the continued targeting of Trezor’s user base highlights the persistent threat of social engineering and phishing in the cryptocurrency ecosystem.

Security analysts and members of the broader crypto community have raised questions about Trezor’s ability to safeguard its users from such vectors. In particular, researchers at Ledger Donjon, the security arm of Trezor’s rival Ledger, have issued their own concerns regarding the security of Trezor’s Safe models. According to the research, these wallets might not be fully secure against advanced physical attacks, especially if an attacker gains temporary access to the device.

In its latest advisory, Trezor reiterated key security practices, reminding users that it will never ask for sensitive information, including their wallet backup. The company stressed that backups must remain private and offline at all times. This warning comes amid a broader rise in crypto-targeted phishing campaigns, many of which rely more on user manipulation than on sophisticated hacking tools. Trezor’s latest incident has become a cautionary example of how automated systems can be exploited in increasingly creative ways, even without breaching the core network or software of a company. As crypto adoption grows and user bases expand, these types of attacks are likely to become more frequent and complex.

AInvest Newsletter

Daily stocks & crypto headlines, free to your inbox

Get Newsletter with Email

Continue with Google

Or continue with others

Apple

Facebook

X

By continuing, I agree to the Market Data Terms of Service and Privacy Statement