Hardware wallet producer Trezor warned users on Monday about an ongoing phishing campaign that mimics the company’s official customer support replies.
In a Monday X post, Trezor warned that the firm is aware that “attackers abused our contact form to send scam emails appearing as legitimate Trezor support replies.” The company reminded its customers not to share wallet backups, noting that they should always be kept “private and offline.”
Trezor said it “will never ask for your wallet backup,” confirming that the emails may appear as legitimate but are not.
Trezor noted that the issue has now been contained. Trezor clarified that no email breach had occurred — rather, attackers submitted requests to the firm’s support system on behalf of affected users, which triggered automated replies.
Those requests resulted in an auto-reply coming from the Trezor support system. The firm claimed that its “contact form remains safe and secure.”
Trezor did not immediately respond to Cointelegraph’s request for comment.
Related: Industry exec sounds alarm on Ledger phishing letter delivered by USPS
Phishing attacks are common in crypto
Phishing attacks are prevalent in the cryptocurrency industry, with spearphishing attacks targeting high-net-worth individuals often resulting in substantial losses. Mehdi Farooq, an investment partner at crypto venture capital firm Hypersphere, recently revealed that he lost a significant portion of his life savings in such a targeted phishing attack.
In late May, a single victim was scammed two times within three hours, losing a total of $2.6 million in stablecoins. Hacks to expose one’s phishing bait to a large number of potential victims are also not uncommon.
Related: Hackers using fake Ledger Live app to steal seed phrases and drain crypto
CoinMarketCap, Cointelegraph affected
A few days ago, the crypto price tracking service CoinMarketCap removed a malicious pop-up notification from its website, prompting users to verify their cryptocurrency wallets. A similar attack was also conducted on Cointelegraph in a now-resolved incident.
On Saturday, Cointelegraph experienced a brief compromise of its banner publishing system. The breach resulted in a malicious advertisement promoting a fake token airdrop. The unauthorized code was removed, and additional security measures have since been implemented to prevent similar incidents.
Magazine: As Ethereum phishing gets harder, drainers move to TON and Bitcoin
