Trezor’s support platform abused in crypto theft phishing attacks

June 25, 2025

Trezor

Trezor is alerting users about a phishing campaign that abuses its automated support system to send deceptive emails from its official platform.

The company's support site allows anyone to open a ticket using any email address and subject line. The system then replies automatically, sending a case number and using the submitted ticket title as the email subject.

Attackers abuse this feature by submitting tickets with titles containing urgent phishing messages, such as "[URGENT]: vault.trezor.guide - Create a Trezor Vault now in order to secure assets who may potentially be at risk."

Since the reply comes from the legitimate [email protected] address, it appears authentic to recipients but contains an email subject with a fake alert that links to a phishing site.

**Message sent to Trezor users***Source: @geUKnDrVgzr6BfF | X*

Users who were tricked into visiting the domain on their browsers were taken to a phishing page asking for their wallet seed.

Trezor is a hardware wallet, a small physical device used to securely store various forms of cryptocurrency. It is categorized as a "cold wallet," meaning it's offline and requires physical confirmation on the device to approve transactions.

However, the wallets set up on Trezor devices are secured by a so-called 'seed phrase,' which consists of 24 random words, serving as a very secure password that is essentially a master key to the user's assets.

Anyone with another user's seed phrase can restore a wallet on another device with full access to its assets.

In its announcement about this attack, Trezor warned all users never to share their wallet seed with anyone.

The wallet storage device maker has also stated it is working towards implementing defenses that will prevent similar abuse in the future.

For more information on defending against phishing actors and scammers, check out Trezor's online guide.

This is not the first time Trezor support was abused or targeted to perform supply chain attacks on cryptocurrency holders using the company's devices.

In April 2022, email marketing firm MailChimp suffered a security breach where threat actors leveraged it to send phishing emails to Trezor wallet holders.

In February 2023, a massive phishing campaign impersonating Trezor flooded users with malicious emails and SMS, prompting them to visit a phishing page to "secure their device."

In January 2024, Trezor's support site suffered a data breach caused by unauthorized access to its third-party support ticketing portal. The incident exposed the sensitive information of roughly 66,000 Trezor users who interacted with the platform's support since late 2021.

source: BleepingComputer

Windows 10 users can get extended security updates using Microsoft points

New FileFix attack weaponizes Windows File Explorer for stealthy commands

Free online web security scanner

Don't show website scan report rating on the leaderboard

Top News: