Phishing attacks target Trezor | users by SatoshiLabs | Dec, 2020

Many Trezor customers have received fake communications regarding their Trezor hardware wallets. The attackers appear to be using data from a competitor to find customers who also own Trezor. If you have received a message as pictured below or of a similar nature, asking you to check something and follow a link, ignore it or report it using the Trezor help form.

Trezor SMS phishing message, contact censorship

Trezor will never ask for your recovery seed, and will never communicate with you via text regarding your device. Don’t trust anyone who is asking for your recovery seed; provided it will jeopardize your account and allow anyone to take your coins.

The timing and scope of this phishing scheme suggest that it is a second wave of attacks stemming from the breach of our competitor’s e-commerce database. Malicious actors who acquired the data from that attack are blindly targeting Ledger customers who may assume they also own a Trezor wallet. If you happen to own devices from different manufacturers, be very careful when opening any correspondence and report any message that appears to be a phishing attempt for data, such as a seed word request.

Trezor customer data has not been leaked. We continue to operate under a place policy us anonymizing all customer data of e-commerce within 90 days, once it is no longer needed to complete the order, and will even manually delete customer data if requested before then. Any data leak affecting customers right now is likely to be the result of a competitor breach that occurred this summer. Please be assured that the attackers do not seem to know whether Trezor is actually owned by the people they have targeted. If you are being targeted, report the message and do not interact with the sender.

The attackers may have purchased competitors’ customer data from a dark market, where broken data is often sold, allowing them to send malicious links to any links listed in that data. The scammer sends links to a fake version of the Trezor website, a replica of, which has been modified to ask visitors for their ad recovery, revealing their coins completely. Once the user enters their ad on the fake web page, the attacker simply repeats his wallet and sends the money to an address he owns.

The page created by the attacker does not exist in a real Trezor wallet. You will not be asked to enter your seed anywhere other than on your Trezor device. Learn how to look after your recovery seed, this is the most crucial part of protecting your bitcoin.

The phishing site that targets the seeds of consumer recovery. Never enter seed words anywhere except your Trezor wallet.

Such attacks have been seen before, and will continue to rise in number, as long as the price of Bitcoin remains high enough to make it worth the effort. Awareness is key, and there are many resources to share with others to inform them of the dangers. Unfortunately, there is no way to prevent these types of attacks from happening; this particular attack is related to the demographic data of hardware wallet users in general, and data breaches by advertisers or other cryptocurrency vendors could result in mass attacks similar to those we saw recently.

The basics of keeping cryptocurrency safe are fairly easy to understand:

  1. Never digitize your recovery seed or share it with anyone, not even Trezor employees.
  2. Perform all important operations using your hardware wallet, including recovery seeds.
  3. Double check the URL and SSL certificates when you access any website where you manage funds.

Security is enhanced by following general good practice for online and e-commerce accounts:

  1. Use discarded email addresses wherever possible.
  2. Do not provide personal data without good reason.
  3. Use a pick-up point for physical delivery whenever possible.

As long as you follow these guidelines, you should never be exposed to a data leak in the first place, but if you do know how to avoid being compromised: don’t give your seed away and confirm always have things on your device. , and no one will ever have access to your funds.

Unfortunately, lack of coverage is enough to cause catastrophic losses, even if you are experienced. Security should be made a uncomplicated practice: for example, you must always check that the address shown on your Trezor is correct, even if this is the tenth transaction you have sent in a row. If you come across anything suspicious, don’t risk it, contact us directly using our help form and we will help assess any potential threats.