Hardware wallet provider Trezor has issued a security alert about a phishing campaign where attackers abused the company's contact form to send scam emails that appear to be legitimate customer support replies. According to Trezor, no breach of their email system occurred. Instead, attackers submitted support requests impersonating affected users, triggering automated responses from Trezor’s system. These auto-replies added a false sense of legitimacy to phishing emails.
The wallet maker stressed that wallet backups must remain private and offline and that Trezor will never ask users for their backups. The company confirmed the attack has been contained and is reinforcing security measures to prevent similar incidents.
This incident follows other recent phishing attacks targeting crypto users, with significant losses reported in spearphishing scams. In the broader crypto ecosystem, similar malicious pop-ups and phishing attempts have been reported on services like CoinMarketCap and Cointelegraph. Researchers have also raised concerns about the security of certain Trezor models.
Trezor advises users to remain vigilant and follow stringent security practices to safeguard their assets.