Trezor Warns Users of Phishing Scam Exploiting Support Emails

June 24, 2025 – Hardware wallet maker Trezor has issued a warning about a phishing scam targeting its customers, which used a previously undisclosed HTML vulnerability to edit the company’s own support emails and deliver malicious content.

While it remains unclear whether users fell victim to the scam, the incident highlights rising threats aimed at hardware wallet users amid a surge in crypto-related phishing campaigns.

Key Takeaways

• Trezor warned users of a phishing scam exploiting an HTML vulnerability in its own support emails.
• The attack likely used user data from past breaches, offered on the dark web.
• It remains unclear if any users lost funds.
• The phishing scam worked by modifying automated emails from Trezor’s support system.
• Trezor says the vulnerability has been contained, but users should stay alert.

The Nature of the Scam

According to Trezor’s advisory earlier today, attackers were able to exploit an HTML string vulnerability to modify automatic responses from Trezor’s support email system.

The phishing method worked as follows:

• Attackers submitted a support request using stolen user data, acquired from previous breaches and dark web sales.
• They embedded malicious HTML code in the request.
• This code altered Trezor’s automated email response, adding a phishing message and fake links.
• The spoofed email was sent from a legitimate Trezor email address, making it appear genuine to recipients.

Important Update

We have identified a security issue where attackers abused our contact form to send scam emails appearing as legitimate Trezor support replies.

These scam emails appear legitimate but are a phishing attempt.

Remember, NEVER share your wallet backup — it must…

— Trezor (@Trezor) June 23, 2025

Unclear Impact, Possible Origins in Dark Web Data Sales

While Trezor stated there was “no email breach” and the situation is now under control, it did not confirm whether any users lost funds. The phishing attempt appears to have stemmed from data obtained in earlier hacks involving Trezor user records.

Cyber intelligence groups had spotted listings on dark web forums advertising technical details of the exploit for $10,000. Trezor acknowledged this as the likely source of the attack.

A Familiar Threat for Trezor and Hardware Wallets

Trezor and other major hardware wallet providers have faced similar issues in the past, as attackers continue to target self-custody users. This latest scam highlights the vulnerability of even trusted communication channels.

By leveraging legitimate Trezor support emails and previously stolen user data, the attackers crafted a sophisticated phishing scheme capable of bypassing many users’ typical security awareness.

Caution for Users

Trezor urged users to remain vigilant and to avoid interacting with any unexpected emails—even those appearing to originate from its own support channels. As always, the company reminded users:

• Never share seed phrases or passwords via email.
• Always verify the source of emails.
• Rely on Trezor’s official site for support and updates.

Did You Know?

Trezor was the world’s first hardware wallet brand, launched in 2014 by SatoshiLabs. It remains one of the most trusted names in cold storage for crypto—even as attackers continue to target its users.