Phishing Alert: Fake Trezor Email Campaign Targets Cryptocurrency Users

A sophisticated phishing campaign is currently targeting users of Trezor hardware wallets, using fake security alerts to lure victims into revealing their recovery phrases. The attack is delivered via email and is crafted to appear as an official communication from Trezor.

Details of the Scam

The fraudulent email is sent from the address:

trezorupdate@substack.com

It warns recipients of a fabricated critical vulnerability in Trezor firmware and instructs users to immediately update their device. The email contains a link directing users to a phishing website:

Warning, visiting the website could cause harm to your computer.
https://trezor-websuite.com/dashboard/recovery.html

This website closely mimics the look and feel of Trezor’s legitimate interfaces, prompting users to enter their recovery seed as part of a fake “recovery process.” Once entered, attackers use this information to immediately compromise and drain users’ wallets.

What Users Should Know

  • Trezor will never ask for your recovery seed through a website.
  • Official updates are only delivered through the Trezor Suite desktop application and the hardware device itself.
  • The only official Trezor domain is: https://trezor.io

Recommendations

If you receive an email from trezorupdate@substack.com or are directed to any domain resembling trezor-websuite.com, do not engage with it. Delete the message immediately.

Always verify:

  • The sender’s email address
  • The URL of any site asking for sensitive information
  • That you’re using the official Trezor Suite downloaded from trezor.io

If you believe you may have interacted with this phishing site or entered your recovery phrase, consider your wallet compromised. Move your assets immediately using a freshly initialized hardware wallet and contact Trezor support.

Reporting

We encourage users to report phishing attempts to Trezor via their official support channels and to mark such emails as phishing within their email clients to help reduce the spread of this campaign.

SWAPD encourages all users involved in cryptocurrency trading, storage, or escrow services to remain on high alert. Phishing attempts like this one are becoming increasingly sophisticated and are specifically designed to exploit trust in well-known platforms.

Stay safe, and verify everything.

— SWAPD Security Team

2 Likes
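The URL and sender checks listed in the alert can be automated for mail triage. The following is an added example, not part of the original post and not Trezor's own tooling; the function names are hypothetical, and treating subdomains of trezor.io as official is an assumption.

```python
import unicodedata
from email.utils import parseaddr
from urllib.parse import urlsplit

OFFICIAL = "trezor.io"  # the only official domain the post names
BRAND = "trezor"

def _is_official(host):
    # Assumption: subdomains of trezor.io count as official.
    host = host.rstrip(".").lower()
    return host == OFFICIAL or host.endswith("." + OFFICIAL)

def _fold(host):
    """Decode punycode and strip diacritics so homoglyph hosts compare as ASCII."""
    try:
        host = host.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # already Unicode, or malformed punycode: fold what we have
    decomposed = unicodedata.normalize("NFKD", host.lower())
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def classify_url(url):
    """Return 'official', 'lookalike' (brand on a foreign host) or 'other'."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return "other"  # unparseable, so certainly not the official site
    host = parts.hostname or ""
    if _is_official(host):
        return "official"
    # netloc still holds any userinfo, which catches https://trezor.io@host/
    spoofs_brand = BRAND in _fold(host) or BRAND in parts.netloc.lower()
    return "lookalike" if spoofs_brand else "other"

def classify_sender(from_header):
    """Same verdicts for a From header. The header can be forged, so an
    'official' verdict still depends on the mail passing SPF/DKIM/DMARC."""
    domain = parseaddr(from_header)[1].rpartition("@")[2]
    if _is_official(domain):
        return "official"
    # Brand in the display name, local part or domain of a foreign sender
    spoofs_brand = BRAND in _fold(domain) or BRAND in from_header.lower()
    return "lookalike" if spoofs_brand else "other"

if __name__ == "__main__":
    # Both values are the ones quoted in the alert; nothing is fetched.
    print(classify_url("https://trezor-websuite.com/dashboard/recovery.html"))
    print(classify_sender("trezorupdate@substack.com"))
```

The check only parses strings, so it is safe to run on quarantined mail; a "lookalike" verdict is a reason to block or escalate, while "other" means only that the brand name was not found.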

Thanks for the heads-up.

1 Like