This is the way most crypto is stolen

While we were in the middle of filming our latest video, we got word that scammers were at it again - impersonating us in a massive blast to Trezor users. Some sharp-eyed folks in our community reached out to flag this specific email they’d just received:

The trick here is all about "manufactured urgency." You get an email that looks official and insists you act . The scammer is betting that the fear of losing your money will make you panic and follow their instructions without stopping to think, eventually handing over total control of your wallet (usually by convincing you to share your wallet backup).

This isn't the first time we’ve seen this, and it won’t be the last. We actually deal with this every single day. It’s the price we pay for a free internet: anyone can put on a mask and pretend to be someone else.

These traps don't just stay in your inbox, either. They show up as phone calls, text messages, posts and DMs on social media, or even physical letters in the mail.

So, how do we actually stay safe?

The solution is actually pretty simple.

Never, under any circumstances, share your wallet backup with ANYONE.

That’s it.

If you can stick to that one rule, you’ll probably never lose your funds to a scam.

Of course, there’s a catch:

Your backup is meant to be generated on a hardware wallet and kept offline at all times. Scammers are getting smarter, which means you need to really own the power of self-custody and learn to spot the moment someone is trying to play you.

Since you’re the one in charge of your funds, the responsibility sits with you. Here are a few red flags to keep on your radar:

Fake update links

One of the oldest tricks in the book is an email claiming there’s a mandatory new version of Trezor Suite. Scammers love to throw in scary-sounding words like “quantum update” to create panic about stuff most people don't fully understand.

If you get a link in an email about an update, don’t click it. But if you do, NEVER enter your wallet backup or sign any transactions the link asks for.

Remember: your words stay offline. No one legitimate will ever ask for your backup.

Fake devices on random sites

Scams exist in the physical world, too. Counterfeit Trezors are real, and we’ve seen some pretty convincing fakes over the years. Always buy your device directly from us or an authorized dealer, and always run an authenticity check.

If you want to see what to look for, check this out:

Fake websites, profiles, and search results

Unfortunately, fake online versions of Trezor Suite have been around since Trezor's early days. They’re designed to look exactly like the real thing so you feel safe while they rob you.

Social media is also crawling with scammers who steal our team’s photos to pretend they work at Trezor. If someone reaches out to you out of the blue, consider it a red flag. If they’re putting emotional pressure on you, it’s certainly a scam.

Even Google results can be a trap. Scammers pay for ads so their fake links show up first. If you search for "Trezor," there’s a good chance the top result is a lie.

Use bookmarks, double-check the URL, and, one more time, NEVER TYPE YOUR WALLET BACKUP INTO A PHONE OR COMPUTER.

Targeted phishing and spoofing

It’s still relatively rare, but video and voice spoofing is the new scary frontier. AI deepfakes are getting incredibly good, and if a "support agent" catches you off guard (or if our CEO Matej randomly reaches out to you) it’s easy to get flustered and stop thinking straight.

Just remember: We will never contact you first.

If you get a suspicious call, just hang up. If you're worried, reach out to us through our official chatbot instead.

Threats of "blocking" or "deactivating"

Technically speaking, a hardware wallet cannot be blocked or turned off remotely. It’s an offline device; it’s physically impossible for us to flip a switch on it. Scammers use this threat because it sounds scary, but it’s just a lie to get you to panic and give up your recovery seed.

How we’re fighting back

We don't just sit back and let this happen. We report fake ads and social accounts the second we see them, and we work with Phishfort to take down scam links and profiles as fast as humanly possible. We’re constantly working behind the scenes to stay ahead of them and taking legal action against fake product listings.

You are the primary defense

At the end of the day, if you’re practicing self-custody, you’re the one holding the keys.

That’s why your backup is so vital. It’s the master key to your wallet. Your only job is to keep that secret. Keep it in the physical world, never make a digital copy, and NEVER give it to anyone you don't want having total control over your money.