This letter is an official statement from the Trezor team about the recent phishing attacks, where an unknown culprit impersonated Trezor and our affiliated partners. We have encountered several websites impersonating our e-shop, products, or websites of our resellers.

During March 2018, several platforms including Google made the decision to apply a flat ban on all cryptocurrency-related advertising, in an effort to fight malicious and illegal advertisers. This seemingly benign ban, however, affected many legal and genuine businesses, including Trezor. Later on during the same year phishing websites impersonating Trezor, our partners and even competitors started to appear in Google’s search results.Our dedicated team immediately contacted Google with multiple requests to remove these malicious websites from their search results, but for over three months Google didn’t react promptly to our requests. Google even allowed some of the phishing websites to create a paid marketing campaign, which boosted these websites to a higher position in Google’s search results algorithm. Due to the March 2018 ban, we were unable to create paid marketing campaigns to outbid malicious websites and remove them from Google results.

We have taken action to protect our users from websites and emails impersonating Trezor, and eventually, we have managed to get most of them taken down by contacting Google or other providers hosting these websites on a daily basis. We are actively fighting against the phishing attacks, and we are working closely with search engine providers and social media platforms to remove malicious content as quickly as possible. Our dedicated team is now cooperating with Google’s abuse team to prevent this kind of phishing from happening in the future, and to regain the ability to advertise on Google and other platforms.

If you are concerned about encountering one of these attacks, we have some advice. First and foremost, we at Trezor would never ask you for your seed phrase, and we keep reminding our users to never share their seed phrase with anyone. All our staff is trained to always perform at the highest security and privacy standards, and the security of our users is — and always will be — the top priority of Trezor. The only legitimate sites you should order from are our Trezor website and the websites of our verified resellers. Always use good judgment — you can never be too sceptical when it comes to your privacy and security.

Trezor is prepared to defend its good reputation as the most trusted hardware wallet manufacturer, and we are considering legal action against the unknown culprit.

We would like to thank the Trezor community for your support, and we encourage you to report any suspicious activity to our Support Team.