Hardware Wallet Maker Trezor Issues Critical Scam Alert Amid Contact Form Compromise

Trezor, a prominent hardware wallet maker, has issued a critical scam alert to its users regarding a security breach. According to a detailed X post by the wallet maker on June 23, the attackers had cunningly abused the company’s contact form to dispatch scam emails.

“We have identified a security issue where attackers abused our contact form to send scam emails appearing as legitimate Trezor support replies,” Trezor revealed.

Notably, the dispatched scam emails were masquerading as Trezor’s legitimate support responses, marking the second time the wallet maker has faced a cyberattack. For context,  the Trezor blog website reported at the beginning of 2024 that Trezor identified unauthorized access to a third-party support portal.

Meanwhile, Trezor quickly clarified that no email breach occurred. Instead, the attackers triggered automated replies by posing as affected users, taking advantage of a gap in the support workflow.

Trezor Issues a Security Mantra

Amid the compromise of the contact form, Trezor has detailed specific guidelines that its users must follow. According to the company, users should never reveal their wallet backups, as they must remain private and offline to ensure the security of their funds.

“Remember, never share your wallet backup; it must always stay private and offline,” Trezor stated.

Notably, Trezor has assured users that it has contained the issue. The wallet maker revealed that its platform will never require any user’s wallet backup, cautioning users to “stay vigilant,” as security is a continuous process.

Increased Cyber Attacks

Trezor’s latest phishing attempt highlights the evolving tactics cybercriminals are using to target cryptocurrency users. Meanwhile, the wallet maker is not the only company affected by the recent cyberattacks.

For context, in a recent X post, Crypto Patel revealed a phishing attack targeting CoinMarketCap and Cointelegraph. According to the report, the hackers injected fake WalletConnect pop-ups, draining $43,000 from 110 wallets on CoinMarketCap and deploying a fake airdrop scam on Cointelegraph.

Meanwhile, in March, Cointab also reported how the Lazarus Group is terrorizing crypto. For perspective, the notorious group extorted $1.4 billion from Bybit earlier this year, with the exchange becoming its latest casualty after Upbit and Kucoin faced a similar fate.

These incidents serve as a stark reminder of the persistent threats facing the cryptocurrency community, particularly as the industry continues to expand. It also emphasizes the need for due diligence and security alertness among market users.