Trezor says it detected “suspicious activity” on its website (Trezor.io) linked to a compromised third-party service used on the site. In its statement, the company said the issue was resolved quickly and the third-party was fully removed as a precaution. The update was posted via the official Trezor X account.
According to Trezor’s statement:
Trezor added that the incident is resolved and that it is continuing to investigate.
As a separate signal, Trezor’s public service status page has shown systems as operational through Dec 16 and Dec 17, which suggests there was no broader outage tied to backend infrastructure at the time of the notice.
The most important line in Trezor’s update is the reminder to never enter your wallet backup (recovery words) into any website.
Even if a hardware wallet’s core security is intact, attackers often use website incidents as an opportunity to push phishing prompts that try to trick users into:
Trezor’s own security materials explicitly call out third-party libraries and supply-chain risks as part of the threat model for web and app surfaces. If you want a refresher on common scam patterns.
These are general safety steps, not financial advice.
If any page asks for your wallet backup, treat it as a scam. Recovery words should only ever be used in a trusted recovery flow, not on a random web form.
Phishing often relies on lookalike domains or ad links. Use bookmarks for important destinations and verify you are on the correct domain before connecting anything.
If you interacted with the site during the window of concern and feel uneasy, review recent transactions and security posture. Trezor’s support guide walks through what to do if you see activity you did not authorize: funds sent without your authorization.
As of now, most of the information about this specific website event appears to come directly from Trezor’s own statement.
That said, it fits a broader pattern of wallet brands being targeted through “edge” surfaces like third-party tools and web workflows. For example:
Those prior incidents are not proof this website event was exploited the same way. They do show why Trezor consistently centers the same guidance: keep recovery words offline, and treat urgent security prompts as suspicious.
If Trezor publishes a deeper postmortem or indicators of compromise, the most useful details for users and defenders would be:
Trezor says a compromised third-party service caused suspicious activity on Trezor.io, but that the issue is resolved, the third-party is removed, and no databases or wallet products were affected.
For users, the practical takeaway is unchanged: never enter recovery words into a website, verify domains before connecting, and be extra cautious about any urgent “security” prompts that try to move you off the normal Trezor workflow.
The post Trezor Says Trezor.io Is Safe After Third-Party Service Incident appeared first on Crypto Adventure.
