Trezor, the well-known hardware wallet manufacturer, issued a security alert on Monday after scammers exploited its support contact form to launch a sophisticated phishing campaign. The attack involved using victims’ email addresses to submit fake inquiries, which in turn triggered legitimate-looking automated replies from Trezor’s support system.
These emails, designed to appear as official responses, included Trezor branding and typical support language—making them especially convincing.
“These scam emails appear legitimate but are a phishing attempt,” the company warned on its official X account.
“Remember, NEVER share your wallet backup — it must always stay private and offline. Trezor will never ask for your wallet backup.”
Trezor emphasized that its systems remain uncompromised and that the contact form itself was not breached. Instead, the firm believes the attack drew on email addresses exposed in unrelated third-party data leaks.
Phishing Trend Continues to Target Crypto Wallet Users
The latest scam targeting Trezor users underscores an escalating trend in email-based phishing attacks across the crypto ecosystem. This is not Trezor’s first brush with such tactics—back in March 2022, a breach at its newsletter provider, Mailchimp, allowed attackers to send phishing emails that tricked users into downloading fake firmware updates.
Other wallet providers have also faced similar threats. Ledger, another major hardware wallet maker, suffered a significant data leak in 2020 that exposed customer email addresses and personal information. That incident fueled years of phishing attempts, many of which mirrored the Trezor tactic: using support-like messaging to bait users.
Software-based wallets like MetaMask and Trust Wallet have also been frequent targets of impersonation schemes, often involving fake support pages, scam emails, and fraudulent social media accounts.
Cointelegraph Website Compromised in Scam Airdrop Scheme
Meanwhile, crypto news outlet Cointelegraph confirmed on Sunday that its website was compromised through a front-end exploit. The breach briefly displayed a fake airdrop pop-up that falsely claimed users were eligible for $5,500 in “free tokens” through a so-called “fair launch initiative.”
The scam message urged users to connect their wallets—an increasingly common phishing tactic used to drain digital assets. Cointelegraph said it became aware of the incident shortly after the malicious prompt went live and was “actively working on a fix.”
The pop-up falsely stated that the smart contract had been audited by blockchain security firm CertiK, a claim that has not been verified and appears to be fabricated as part of the deception.
This incident follows a growing number of front-end attacks targeting trusted Web3 platforms, where malicious code is injected into legitimate interfaces to trick users into compromising their wallets.
Quick Facts
- Trezor users received phishing emails triggered through the company’s support contact form
- The firm says no internal systems were breached; emails likely came from third-party data leaks
- Cointelegraph’s website was briefly compromised by a front-end scam offering fake tokens
- Both incidents highlight the growing threat of social engineering and front-end wallet phishing
