Trezor Issues Warnings As the Scammers Misuse Contact Forms to Send Fake Emails

Trezor, one of the leading cold crypto wallet companies on the market, has issued a warning on Twitter after multiple customers received fake emails masquerading as legitimate support replies.

It happened after a group of attackers filled out a contact form on behalf of some addresses, which triggered an automatic reply from the Trezor email systems.

Countless Emails Have Been Affected, But There Was No Breach

While the number of people affected by this isn’t mentioned in the official tweets, the number could range in the thousands.

However, Trezor insists that there was no email breach.

“Here’s what happened,” wrote Trezor on X. “Attackers contacted our support on behalf of affected addresses, triggering an auto-reply as a legitimate Trezor support message.”

With that, the team insists that the contact form remains safe and secure.

On the other end of the spectrum, those who have received a support email might have been asked for their wallet backup.

“Remember, NEVER share your wallet backup. It must always stay private and offline. Trezor will never ask for your wallet backup,” wrote the wallet representatives in the original tweet.

Affected users have also posted about it, stating they too have received an email. Trezor has asked such users to ignore those emails. As far as whether or not a monetary loss has occurred, it is not known.

How were attackers able to misuse the contact form?

Attackers submitted fake support requests using recipients’ email addresses. This triggered an automated response from our system, which made it appear as if the message came directly from Trezor. The company mentioned that they do not know the origin of the email list used in the attack, but they have found no evidence of a breach on our side.

Although the attackers were able to manipulate the subject line of the request, they did not gain access to any Trezor systems, internal infrastructure, or user data. The team is actively working to take down the fraudulent phishing site and is reviewing additional countermeasures to make it significantly harder to submit mass requests via this method in the future.

What steps is Trezor taking to address the situation?

Trezor considers user security paramount. The company has launched internal investigations and informed users through official social media channels already. And with the help of Trezor’s partners, the phishing website involved in this fraudulent campaign has been taken down.

How can users stay safe?

Trezor asks people to never share their recovery seeds or private keys with anyone. Remember, Trezor support will never ask for your recovery seed or private keys.

Community Reactions to the Update

Most have appreciated the prompt warning that Trezor sent to its user base before things went haywire. PAGAN WOLF said that it was a “good alert from the team,” while others have jokingly said that they are so vigilant they don’t even believe the tweet.

However, some have posed reasonable questions, asking how the scammers were able to get the addresses in the first place.

Don’t Share the Backup Info with Anyone

Times are worrying, and markets are down, which has led many to take desperate measures. It also makes the current market a ripe ground for scams. Therefore, investors are advised to exercise caution at every step.

Don’t share wallet backup info or seed details with anyone. And while Trezor promises that it will address the current issue in future security updates, investors should take preemptive measures themselves to keep their assets safe and secure.