Trezor Warns Users of Phishing Scam After Security Breach

Trezor, the company behind one of the most widely used hardware wallets in crypto, has confirmed that scammers found a way to misuse its contact form to send fake emails posing as official support.

The scam emails appeared legitimate and were crafted to trick recipients into sharing their wallet backups—a critical piece of information that gives full access to user funds.

Trezor posted the alert on X, formerly Twitter, saying the issue has now been contained. Internal systems were not breached, and the exploit was limited to the contact form being abused to send fake responses.

“These scam emails appear legitimate but are a phishing attempt. Remember, NEVER share your wallet backup — it must always stay private and offline. Trezor will never ask for your wallet backup,” the company wrote.

In a follow-up shared exclusively with The Crypto Times, Trezor clarified that attackers had submitted fake support requests using email addresses gathered from an unknown source. While they were able to tweak the subject lines, they did not gain access to any internal systems or data.

The company added:

No user funds have been reported lost so far. Still, the company urged caution, reminding users to verify any messages through official support channels.

The incident highlights how phishing tactics are evolving, even targeting communication tools to gain trust. Trezor said it is reviewing its internal processes to prevent similar abuse in the future.