Cryptocurrency hardware-wallet maker Trezor said attackers exploited a vulnerability in its website’s contact form to send phishing emails that mimicked official customer-support replies. The messages asked users to provide wallet backup phrases—information that would allow thieves to empty the devices—but did not stem from Trezor itself. The company said the breach was quickly contained and emphasized that it never asks customers for recovery seeds or other sensitive credentials. Trezor added that no wallet firmware or user funds were compromised and urged recipients of the fraudulent emails to delete them and report any suspected theft. The episode underscores a broader rise in phishing schemes targeting crypto investors, who rely on recovery phrases to access assets stored offline. Trezor said it is reviewing its security processes and cooperating with external investigators to trace the source of the attack.