24.06.2025 09:21
Trezor, a prominent hardware wallet provider, experienced a sophisticated phishing attack leveraging its support module. Instead of directly compromising Trezor's internal systems, attackers exploited the automated response mechanism associated with the company's public contact form. This clever maneuver allowed them to send fraudulent emails appearing to originate from Trezor support itself.
The attack hinged on the attackers' ability to trigger automated responses by submitting fake requests using compromised or spoofed email addresses belonging to legitimate Trezor users. As a result, seemingly authentic support emails were generated and sent directly from Trezor's system, which made the deception more credible. These deceptive communications then asked users to share their wallet backup phrases, a critical piece of information granting complete access to their cryptocurrency holdings. The entire operation underscored the vulnerability of automated systems to malicious manipulation.
Crucially, Trezor has emphasized that this incident did not involve a breach of its email servers or internal systems. The company swiftly issued a statement on X (formerly Twitter), stressing that it would never request a user's wallet backup phrase. It reinforced the importance of keeping this sensitive data secret and stored offline. This public announcement served to inform and alert its user base, promoting heightened vigilance regarding security best practices.
Trezor's official response underscores the attack's nature as an abuse of the public-facing support system, not a compromise of internal infrastructure. While the company's contact module remains secure for legitimate inquiries, this incident highlights the potential for malicious actors to exploit automated responses. Following the attack, Trezor is actively exploring methods to further enhance its security measures and prevent similar incidents in the future. The incident serves as a stark reminder of the persistent threat posed by phishing and of the importance of user awareness in safeguarding digital assets.