Got a “Critical Vulnerability” Email from Trezor? It’s a Scam

A new phishing campaign has been targeting users of Trezor hardware wallets, using fake emails that closely imitate official messages from the company. The fraudulent emails claim to warn users of urgent security threats, with the goal of tricking them into entering their wallet backups – effectively compromising their funds.

The messages began circulating in early July and have since been reported across platforms, including Reddit and X (formerly Twitter). They appear professionally designed, with visuals and language closely resembling legitimate Trezor communication.

Multiple Phishing Variants

Several email versions have been observed, each designed to create urgency and prompt immediate action. One version is titled “Critical Vulnerability Notice”, informing users of a supposed firmware flaw. It urges recipients to install an “emergency firmware patch” by clicking a button labeled “Go to dashboard”.

Another variant, titled “Protect Your Assets From State-Sponsored Threat Actors”, claims that Trezor has suffered a breach from North Korean hackers. The email references “unauthorized access to internal server infrastructure” and includes fabricated details to encourage users to follow phishing links.

A third version refers to a “Quantum Computing Firmware Update”, warning of potential vulnerabilities related to quantum computing and again pushing recipients toward a fake update process.

These phishing emails attempt to convince users to input their wallet backup phrases into a website that mimics the official Trezor Suite dashboard. Doing so allows attackers to gain full access to a user’s crypto assets.

Trezor’s Official Security Recommendations

Trezor addressed the situation publicly on X, confirming that these messages are fraudulent and reiterating standard safety practices.

Trezor advises users to be extremely careful with unsolicited messages, even if they appear authentic. Any communication requesting a wallet backup or offering updates through external links should be considered fraudulent. The company does not contact users by phone, text message, or social media. It also does not request personal information such as passwords, wallet backups, or two-factor authentication codes.

It’s also important to verify website URLs manually or use bookmarks to avoid falling for fake dashboard pages. Moreover, Trezor devices require physical confirmation for recovery and firmware actions. Any recovery process or sensitive transaction must be approved directly on the device’s screen. If a site asks for the recovery seed without this step, it is not legitimate.
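
The URL check recommended above can also be automated in a mail filter. The following is an added example, not code from the article or from Trezor: it flags the lure titles reported in this campaign and lists every link whose host is not the official domain or a subdomain of it. The `trezor.io` allowlist, the function names and the sample message are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Assumption (not stated in the article): the vendor's official web domain.
OFFICIAL_DOMAINS = {"trezor.io"}

# Titles and phrases of the three variants reported in the article.
LURE_TITLES = (
    "critical vulnerability notice",
    "protect your assets from state-sponsored threat actors",
    "quantum computing firmware update",
)

class LinkCollector(HTMLParser):
    """Collect href values from every <a> tag."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)

def is_official(url):
    """True only for https URLs whose host is an official domain or its subdomain."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()  # hostname drops any user@ prefix
    if parts.scheme != "https" or not host:
        return False
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def triage(subject, html_body):
    """Return (matches_known_lure, [links that leave the official domain])."""
    collector = LinkCollector()
    collector.feed(html_body)
    off_domain = [h for h in collector.hrefs if not is_official(h)]
    lure = any(t in subject.lower() for t in LURE_TITLES)
    return lure, off_domain

# Constructed sample message; hosts use the reserved .example TLD.
SAMPLE_SUBJECT = "Critical Vulnerability Notice"
SAMPLE_BODY = """
<a href="https://trezor.io.suite-update.example/start">Go to dashboard</a>
<a href="https://trezor.io@login.example/">Support</a>
<a href="https://trezor.io/support">Help center</a>
"""

if __name__ == "__main__":
    print(triage(SAMPLE_SUBJECT, SAMPLE_BODY))
```

The first two sample links contain the official name but resolve to other hosts, which is why the check compares the parsed hostname rather than searching the URL string.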

Be Careful

The recent phishing campaign targeting Trezor users involves emails disguised as official messages that encourage users to reveal their recovery phrases. Trezor has confirmed that the emails are not legitimate and reminded users that the company will never ask for sensitive information.

Staying alert, verifying links, and never entering a wallet backup online are the best ways to avoid falling victim to these scams. Trezor has urged users to rely only on official software and channels for updates or support.

Kate Taylor
