Skip to main content

Trezor warns of possible phishing attacks after data leak

Trezor, one of the leading providers of hardware wallets for cryptocurrencies, issued a security warning on 22 January 2024 after unauthorized access to their support ticket portal was detected. The portal is operated by a third-party provider and contains personal data of customers who have submitted support requests, such as names, e-mail addresses and telephone numbers.

Trezor Phishing

Trezor emphasizes that the security of the hardware wallets themselves has not been compromised and that customers can keep their coins safe as long as they keep their recovery seeds and passphrases secret. However, there is a risk that the stolen data could be used for phishing attacks to trick customers into revealing their login details or installing fake firmware updates.

To protect themselves from such attacks, Trezor advises customers to take the following precautions:

  • Always check the URL of the website you are visiting and make sure it starts with or
  • Do not click on links or attachments in suspicious e-mails or text messages purporting to be from Trezor. Trezor will never ask you for your recovery seed or passphrase or ask you to install a firmware that has not been verified by Trezor Wallet.
  • Activate two-factor authentication (2FA) for your email account and other online services that you use with Trezor.
  • Use a password manager to create and store strong and unique passwords for each website.
  • Stay up to date with the latest security updates from Trezor and follow their official channels on Twitter, Facebook and Reddit.

Trezor apologizes for the inconvenience caused by the data leak and assures you that they are working with the third party provider to identify and resolve the cause of the incident. Remain vigilant and report suspicious activity to

No Comments found

Got a question or an opinion for this article? Share it with the readers!

You are welcome to leave pseudonyms and anonymous information.

You are welcome to leave pseudonyms or empty fields. Only the given data will be saved (comment, name, e-mail, website, no IP address). Further information on the processing of data and rights of objection are listed in the privacy statement.