So, Trezor got phished. Irony, much? We’re all meant to be our own banks, impervious to the systemic collapse of the legacy world. A phishing attack targeting Trezor users serves as a stark reminder: the self-custody dream needs a serious reality check. Wanting to be your own bank isn’t sufficient, you have to understand what being one entails.

Control Does Not Equal Security

Realistically, as we all know, the siren call of self-custody is difficult to resist. Complete control over your assets. Freedom from banks and intermediaries. Privacy. These are powerful draws. The flip side is absolute responsibility. You’re the bank vault, the security guard, and the IT Department, all in one. And if you fuck up, there is no FDIC insurance to save your ass.

The Trezor incident is a good example of a dangerous trend. Fraudsters used fake support, including through scam Discord servers, to get users to share their seed phrases. We have all heard about the Ledger phishing attack leading one user to lose 10 Bitcoin. That’s not pocket-change—that’s a life-altering amount of money lost because someone clicked the wrong link. These attacks highlight a fundamental flaw in the self-custody narrative: it assumes a level of technical savvy and vigilance that most people simply don't possess.

We can’t lead people to the deep end of crypto security and let them sink or swim. It’s kind of like handing a new driver a formula one car without any instruction or practice runs.

Is Crypto Staking Inherently Risky?

That’s just the beginning of the risks associated with crypto. Consider staking and mining. You’re not merely hoarding your coins — you’re making the network more secure. This entails maintaining nodes, securing wallets, and being proactive about possible vulnerabilities. One misstep, and you can lose your whole stake. It’s akin to keeping your front door unlocked and being shocked when you get robbed.

This example doesn’t only apply to hardware wallet user experience, but the entire ecosystem. Every centralized exchange, every decentralized exchange, every DeFi protocol, every staking platform, is a potential attack vector. Since the crypto space is mostly unregulated, scammers and hackers regularly evade accountability.

Education, Not Just Hardware, Is Key

Trezor launching new products like Trezor Expert and the Safe 5 is a step in the right direction, but it's not enough. We require a complete pivot from what we currently do, and the way we think about crypto education. Advocacy getting a hardware wallet is only the first step. So first and foremost, it’s important to think like a security practitioner.

Think about it: we teach kids basic safety skills from a young age. "Don't talk to strangers." "Look both ways before crossing the street." Safety rules for crypto to prove their commitment. We need a similar set of “crypto safety rules” that are universally understood and practiced.

  • Never share your seed phrase. Ever. No exceptions.
  • Verify, verify, verify. Double-check URLs, email addresses, and social media accounts.
  • Be skeptical of unexpected messages. If something seems too good to be true, it probably is.
  • Use strong, unique passwords for every account.
  • Enable two-factor authentication wherever possible.
  • Keep your software up to date.

As communications folks, it’s not enough to just tell people these things — we need to show them. What we’re really looking for We need robust interactive tutorials, simulated phishing attacks and real-world case studies. And we need to ensure that this information is made available to everyone, including those who do not have technical expertise.

The self-custody dream is a noble one. True equity isn’t a destination—it’s a journey. This is only possible if we provide everyone with the right tools. It’s just as critical that they learn how to travel that path safely. Or else, we’re merely priming Americans for disappointment and deflated bank accounts.