{"id":3751,"date":"2025-06-23T13:42:01","date_gmt":"2025-06-23T13:42:01","guid":{"rendered":"https:\/\/bitunikey.com\/news\/trezor-issues-security-alert-after-contact-form-exploit-used-in-phishing-scam\/"},"modified":"2025-06-23T13:42:08","modified_gmt":"2025-06-23T13:42:08","slug":"trezor-issues-security-alert-after-contact-form-exploit-used-in-phishing-scam","status":"publish","type":"post","link":"https:\/\/bitunikey.com\/news\/trezor-issues-security-alert-after-contact-form-exploit-used-in-phishing-scam\/","title":{"rendered":"Trezor issues security alert after contact form exploit used in phishing scam"},"content":{"rendered":"<p><\/p>\n<div class=\"post-detail__content blocks\">\n<p class=\"is-style-lead\">Crypto hardware wallet provider Trezor has issued a security caution to its users, warning of a new tactic being used by malicious actors to impersonate the company and phish for sensitive information.<\/p>\n<p>In a post on June 23 via social media platform X (formerly Twitter), Trezor warned users that it has identified a security flaw where attackers abused its contact form to send scam emails appearing as legitimate Trezor support replies.<\/p>\n<p>According to the wallet provider, the scam emails appear authentic but are phishing attempts by malicious actors preying on unsuspecting users to obtain sensitive information and compromise their accounts.\u00a0<\/p>\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\">\n<div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Here\u2019s what happened<\/p>\n<p>There was no email breach. <\/p>\n<p>Attackers contacted our support on behalf of affected addresses, triggering an auto-reply as a legitimate Trezor support message.<\/p>\n<p>Our contact form remains safe and secure. <\/p>\n<p>We&#8217;re actively researching ways to prevent future\u2026<\/p>\n<p>\u2014 Trezor (@Trezor) <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/twitter.com\/Trezor\/status\/1937092641021100253?ref_src=twsrc%5Etfw\" target=\"_blank\">June 23, 2025<\/a><\/p><\/blockquote>\n<\/div>\n<\/figure>\n<p>Clarifying the situation, Trezor confirmed there was no breach of its internal email systems. Instead, the attackers submitted support requests using the email addresses of targeted users. This triggered Trezor\u2019s automated system to send what looked like valid support replies, adding a layer of credibility to the phishing messages.<\/p>\n<p>    <!-- .cn-block-related-link --><\/p>\n<p>Trezor emphasized that the issue has been contained and said it is continuing to investigate while rolling out additional safeguards to prevent future incidents.<\/p>\n<p>However, this is not the first time Trezor has been targeted. Back in January, the firm flagged an incident in which attackers accessed its newsletter subscriber email database and used a third-party service to impersonate the Trezor team, sending out malicious emails to users.<\/p>\n<p>The repeated incidents have drawn scrutiny over Trezor\u2019s security levels. Recently, researchers from Ledger Donjon, the security division of rival wallet maker Ledger, raised concerns over the Trezor Safe models, warning that they may not offer full protection against sophisticated attacks.<\/p>\n<p>Trezor is now urging users to stay alert and follow strict security practices to keep their assets safe.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cRemember, NEVER share your wallet backup \u2014 it must always stay private and offline. Trezor will never ask for your wallet backup,\u201d it warned.<\/p>\n<\/blockquote>\n<p>    <!-- .cn-block-related-link --><\/p><\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Crypto hardware wallet provider Trezor has issued a security caution to its users, warning of a new tactic being used by malicious actors to impersonate the company and phish for&hellip;<\/p>\n","protected":false},"author":1,"featured_media":3752,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-3751","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cryptocurrency"],"_links":{"self":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/3751","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/comments?post=3751"}],"version-history":[{"count":1,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/3751\/revisions"}],"predecessor-version":[{"id":3753,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/3751\/revisions\/3753"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media\/3752"}],"wp:attachment":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media?parent=3751"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/categories?post=3751"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/tags?post=3751"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}