Hardware wallet producer Trezor warned users on Monday about an ongoing phishing campaign that mimics the companyโ€™s official customer support replies.

In a Monday X post, Trezor warned that the firm is aware that โ€œattackers abused our contact form to send scam emails appearing as legitimate Trezor support replies.โ€ The company reminded its customers not to share wallet backups, noting that they should always be kept โ€œprivate and offline.โ€

Trezor said it โ€œwill never ask for your wallet backup,โ€ confirming that the emails may appear as legitimate but are not.

Trezor noted that the issue has now been contained. Trezor clarified that no email breach had occurred โ€” rather, attackers submitted requests to the firmโ€™s support system on behalf of affected users, which triggered automated replies.

Source: Trezor

Those requests resulted in an auto-reply coming from the Trezor support system. The firm claimed that its โ€œcontact form remains safe and secure.โ€

Trezor did not immediately respond to Cointelegraphโ€™s request for comment.

Related: Industry exec sounds alarm on Ledger phishing letter delivered by USPS

Phishing attacks are common in crypto

Phishing attacks are prevalent in the cryptocurrency industry, with spearphishing attacks targeting high-net-worth individuals often resulting in substantial losses. Mehdi Farooq, an investment partner at crypto venture capital firm Hypersphere, recently revealed that he lost a significant portion of his life savings in such a targeted phishing attack.

In late May, a single victim was scammed two times within three hours, losing a total of $2.6 million in stablecoins. Hacks to expose oneโ€™s phishing bait to a large number of potential victims are also not uncommon.

Related: Hackers using fake Ledger Live app to steal seed phrases and drain crypto

CoinMarketCap, Cointelegraph affected

A few days ago, the crypto price tracking service CoinMarketCap removed a malicious pop-up notification from its website, prompting users to verify their cryptocurrency wallets. A similar attack was also conducted on Cointelegraph in a now-resolved incident.

On Saturday, Cointelegraph experienced a brief compromise of its banner publishing system. The breach resulted in a malicious advertisement promoting a fake token airdrop. The unauthorized code was removed, and additional security measures have since been implemented to prevent similar incidents.

Magazine: As Ethereum phishing gets harder, drainers move to TON and Bitcoin