A new phishing campaign is targeting Trezor hardware wallet users with fake emails designed to look like official communications. These fraudulent messages warn of urgent security threats, aiming to trick recipients into revealing their wallet backup phrases, thereby compromising their funds.
Several versions of the scam email have been observed, often titled "Critical Vulnerability Notice," "Protect Your Assets From State-Sponsored Threat Actors," or "Quantum Computing Firmware Update." They urge users to install emergency patches or update firmware by clicking on malicious links that lead to fake Trezor Suite dashboard websites.
Trezor has publicly confirmed these messages are fraudulent, reminding users that the company never asks for sensitive information like recovery seeds via email, text, or social media. Users are advised to verify website URLs, avoid clicking on unsolicited links, and never enter their backup phrases online. All critical actions, such as firmware updates or recovery processes, require physical confirmation directly on the Trezor device.