
cryptonews 2025-06-23 20:30:08

Trezor Issues ‘Urgent Alert’ After Support-Form Exploit Sends Phishing Emails – What Users Must Know

Trezor has issued a high-priority security warning after attackers exploited its support contact form to send phishing emails to users. The company confirmed that scammers submitted fake support requests using email addresses associated with real users, prompting the system to send out automated replies that mimicked legitimate Trezor support messages.

"Important Update We have identified a security issue where attackers abused our contact form to send scam emails appearing as legitimate Trezor support replies. These scam emails appear legitimate but are a phishing attempt. Remember, NEVER share your wallet backup — it must…" — Trezor (@Trezor) June 23, 2025

In a public statement, Trezor clarified that there was no internal email system breach or third-party compromise. Instead, attackers used their automated response system against it. The phishing emails urged users to reveal their wallet backup information, a highly sensitive key that grants access to all funds.

“NEVER share your wallet backup—it must always stay private and offline. Trezor will never ask for your wallet backup,” the company wrote on X.

Trezor says the exploit has now been contained. However, the company is actively researching additional safeguards to prevent future abuse of its support infrastructure.

The Anatomy of the Attack

The phishing scheme cleverly avoided traditional hacking methods by exploiting Trezor’s customer service infrastructure from the outside. Attackers submitted fake support requests through Trezor’s contact form using the email addresses of targeted users, triggering automated replies from the company’s legitimate support system.

The company explained in its security alert that “Attackers contacted our support on behalf of affected addresses, triggering an auto-reply as a legitimate Trezor support message.” The automated responses became the perfect vehicle for the scam, appearing entirely authentic because they were generated by Trezor’s actual systems rather than spoofed external sources. These seemingly legitimate support emails were then weaponized to request users’ wallet backups or seed phrases under various pretexts, exploiting the trust users place in official communications from their hardware wallet provider.

Trezor quickly clarified the scope of the incident, emphasizing that no internal systems were compromised during the attack. “There was no email breach,” the company stated, explaining that the exploit was limited to the abuse of the external-facing contact form functionality. The contact form itself remains “safe and secure” for legitimate customer inquiries.

"Here’s what happened There was no email breach. Attackers contacted our support on behalf of affected addresses, triggering an auto-reply as a legitimate Trezor support message. Our contact form remains safe and secure. We're actively researching ways to prevent future…" — Trezor (@Trezor) June 23, 2025

The company confirmed that the security issue has been contained and that it is “actively researching ways to prevent future abuse” of its support infrastructure. Despite the concerning nature of the attack, Trezor maintained that its core security protocols remained intact throughout the incident.

Phishing Threats Are Escalating Across the Crypto Industry

The Trezor incident is the latest in a series of phishing attacks that have targeted major players in the crypto industry in recent weeks. Just two days earlier, CoinMarketCap experienced a similar exploit where malicious code was injected to display phishing pop-ups prompting users to verify their wallets.

"@CoinMarketCap was hacked on Friday after a malicious popup appeared on its website, urging users to "verify" their wallets. #CoinMarketCap #Hack https://t.co/QiC913WSXP" — Cryptonews.com (@cryptonews) June 21, 2025

The pop-up prompted users to “Verify Wallet,” leading to phishing attempts that resulted in the compromise of 76 accounts, with total losses exceeding $21,000. Around the same time, Cointelegraph also confirmed a front-end compromise that displayed fake token airdrop promotions designed to trick users into connecting their wallets.

"A fake pop-up on @Cointelegraph tried to lure users with a bogus $5,000 token reward, marking another scam targeting crypto users. #CoinTelegraph #CryptoScam https://t.co/RfWy3zonF5" — Cryptonews.com (@cryptonews) June 23, 2025

Similar sophisticated phishing campaigns have been seen in recent months, including a wave of fake emails sent to Coinbase and Gemini users in March falsely claiming that users needed to migrate their funds to self-custody wallets due to a supposed court ruling.

Back in April, the JFrog Security Research team also reported a malicious Python package designed to steal traders’ API keys and credentials using the MEXC exchange. It mimicked the legitimate CCXT library and intercepted crypto trading data by redirecting API requests to a fake server.

These incidents add to a growing concern about attackers increasingly targeting trusted crypto platforms’ infrastructure and communication channels rather than attempting direct breaches. The common goal is to trick users into sharing wallet backups, private keys, or trading credentials, not through malware, but through convincing social engineering tactics.

The post Trezor Issues ‘Urgent Alert’ After Support-Form Exploit Sends Phishing Emails – What Users Must Know appeared first on Cryptonews.
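The auto-reply abuse described under "The Anatomy of the Attack", from the form operator's side. This is an added example, not Trezor's code and not part of the original article: it contrasts an auto-reply that echoes form fields with one built only from a fixed template and throttled per recipient. The article does not say which fields the real replies reflected, so the weak variant, the field names, the template text and the limit are all assumptions.

```python
import time

MARKER = "ATTACKER-CONTROLLED TEXT"   # constructed stand-in for a phishing lure
# Constructed submission: the sender fills in someone else's address.
SAMPLE = {"email": "Victim@Example.com", "name": MARKER, "subject": MARKER,
          "message": "placeholder"}

ACK_TEMPLATE = ("Subject: We received your request [{ticket_id}]\n\n"
                "Thanks for contacting support. An agent will reply in this thread.\n"
                "We will never ask for your wallet backup.")
MAX_ACKS_PER_DAY = 2   # assumed per-recipient limit
DAY = 86400            # seconds


def naive_auto_reply(sub):
    """Assumed weak pattern: form fields are echoed into the outgoing mail."""
    return (f"Subject: Re: {sub['subject']}\n\n"
            f"Hi {sub['name']}, we received your request.")


class HardenedResponder:
    """Acknowledgements carry no submitter-controlled text and are rate limited."""

    def __init__(self):
        self._sent = {}   # normalised recipient -> timestamps of acknowledgements

    def reply(self, sub, ticket_id, now=None):
        """Return the mail to send, or None when the recipient is throttled."""
        now = time.time() if now is None else now
        rcpt = sub["email"].strip().lower()
        recent = [t for t in self._sent.get(rcpt, []) if now - t < DAY]
        if len(recent) >= MAX_ACKS_PER_DAY:
            self._sent[rcpt] = recent
            return None   # ticket is still created; no further mail goes out
        self._sent[rcpt] = recent + [now]
        # Only the server-generated ticket id is interpolated.
        return ACK_TEMPLATE.format(ticket_id=ticket_id)
```

The address on the form is unverified at this point, so the acknowledgement is the only mail it should receive, and anything the submitter typed stays inside the ticketing system until an agent has read it.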
