Trezor wallets hacked? Don’t be duped by phishing attack email

Trezor wallets hacked? Don't be duped by phishing attack email

Owners of hardware Trezor cryptocurrency wallets should be on their guard after an email was sent out by thieves attempting to dupe them into downloading new software to their devices.

The emails claim that Trezor, which has been making physical USB-connected devices to protect the cryptocurrency and tokens of users since 2014, “experienced a security incident” yesterday that breached the data of 106,856 of its customers.

Here’s a screenshot of the email, which has the subject line “Your Trezor Suite might be compromised”:

Trezor phishing email

Part of the email reads:

At this moment, it’s technically impossible to accurately assess the scope of the data breach. Due to these circumstances, if you’ve recently accessed your wallet using Trezor Suite, we must assume that your cryptocurrency assets are at risk of being stolen.

However, in reality, the email is not from Trezor at all – but is instead an attempt to dupe unsuspecting owners of Trezor devices into downloading a bogus version of the company’s desktop suite software from a lookalike website.

Fake trezor website

If you were unfortunate enough to click on the link offered in the email you would find yourself taken to: https://suite.trẹ

Notice anything odd about that? Take a closer look.

Fake trezor url

Now you’ll hopefully notice that there is an underdot under the letter “e” in “trẹzor” in that URL. And that means you’re not going to the real Trezor website (which is at – the real domain is not even .com!)

This is known as a unicode domain phishing attack.

Sign up to our free newsletter.
Security news, advice, and tips.

So, don’t trust the email. Don’t click on the link. The genuine Trezor Suite doesn’t ask you for your wallet’s private keys and doesn’t store them online, but who knows what this bogus software might ask you to do.

If you do want to update your Trezor’s firmware or desktop software, go to the official Trezor website instead.

One question remains – how did the malicious email get sent to so many Trezor customers? Is it possible Trezor, or one of its marketing partners, has suffered a security breach that has exposed members of its mailing list?


Trezor says it is investigating whether an opt-in mailing list it runs at MailChimp may have been breached. That would certainly explain how Trezor customers were targeted.

Trezor tweet

Sources inside Trezor tell me that this “was an inside job by a MailChimp rogue employee.”

That’s how they targeted Trezor users in this highly-convincing attack.

Hear more views on this incident in this episode of the award-winning “Smashing Security” podcast, with me, Carole Theriault, and special guest Zoë Rose.

Smashing Security #269: 'Trezor Deep Throat, a CCTV stalker, and Amazon's list of banned words'

Listen on Apple Podcasts | Spotify | Pocket Casts | Other... | RSS
More episodes...

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

14 comments on “Trezor wallets hacked? Don’t be duped by phishing attack email”

  1. derek smith

    Cheer`s, it what I thought, confirmed.

  2. Paul Daniel

    clicked on link to see if the site looked dodgy, looks like it halfway downloaded the so-called 'new update' or whatever.
    not connected trezor or been asked for any info. / seed etc.
    what should i do now to get this potential malware off ?

  3. KB

    I fell for it. It immediately drained 90% of everything in my Trezor wallet. What do I do now?

    1. Graham CluleyGraham Cluley · in reply to KB

      If funds have been taken from your wallet then there may not be much you can do at all… other than be grateful it wasn't 100%… :(

      1. Lynn Morgan · in reply to Graham Cluley

        I think my Trezor wallet has been hacked. I tried logging into my account yesterday. I could no log in. I clicked on what I thought was a recovery site. It had a chat option. I put my phone number in the chat. A form came up to place my 24 word recovery names in.. I did this twice along with my pin number. Someone called me with an Indian accent said he couldn't help me. He knew how much was in my account. He said my account had been crashed. Then silence. What can I do to recover my account?

  4. Brian

    You tell people not to follow links in email but helpfully link to the "official Trezor website". For all we know, that link could be malicious. After all, I don't know you. Train people the right way. Tell them to Google it then bookmark it.

    1. Graham CluleyGraham Cluley · in reply to Brian

      Although there have also been plenty of occasions where cybercriminals have poisoned search engine results – or bought ads on search engines – to direct unsuspecting users to fake websites as well.

      Nothing's easy is it?

  5. Neil

    Using a third-party-service (MailChimp) for their newsletter was not a great idea, especially when handling sensitive information.

    I Checked out their domain with uBlock Origin, and it's full of third-party-services. Ideally, only and sub-domains should be listed:

  6. Paul

    I was beside myself with panic but checked the email properties and saw .us where I was expecting .io! I then did a google search of the mail subject line and found this post of yours… Thanks so much for putting my mind at rest and I truly feel for anyone that fell for this despicable scam…

  7. Gerry

    Thank you for the heads up. We need to stay aware of the bad players out there.

  8. Scott

    Got the email, but did not fall for it. Went to to update trezor suite.

  9. Brian Perks

    A long time IT security "expert" and I fell for this hook-line and sinker. Fortunately for me the device I read the email on wasn't the device I use for accessing my Trezor so I didn't click the link. I updated Trezor Suite from Trezor Suite and then changed my PIN just in case.
    My excuse for falling for this is that I am terrified everytime I connect my Trezor, firmware updates are always problematic and I'm always expecting to see a zero balance!

  10. Yaron

    What caught my attention in the podcast (though I may have missed something in the blog post) is that Trezor is totally absolved. People pay a premium for hardware wallets, mostly for the security benefits. If any software installed on the desktop can break this security, this is (excuse my French) a total scam. There's a *lot* they could do (e.g. a screen on the HW token, an on-board approve button, even as simple as a beep+delay) and yet the Trezor product quietly lets malware empty out the wallet.

  11. David

    I had all my coins stolen from my Trezor even tho i had not connected it for a few months how did this happen as when i contacted Trezor they where not helpful at all just told me to contact authorities even tho my money had been sent to binance account when i contacted binance to tell them they found the account and said my money had been withdrawn and are not willing to get me it back even tho they no who has taken it is this against the law or legal

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.