Is trezor.io legit?
Trezor.io appears to be a legitimate and secure platform, scoring 'Mostly Safe' due to its strong technical foundation and clear identity. However, prospective buyers should be aware of the aggressive discount claims and the use of non-reversible payment methods, which can sometimes be associated with less reputable sites.
Crypto average: 76/100 · based on 25 sites
Checked: April 18, 2026 at 8:28 AM UTC · Refresh
Is trezor.io a scam? Here's what we found.
While the site boasts strong encryption, a valid SSL certificate (TLS 1.3), and is clean according to Google Web Risk, the high number of external scripts presents a potential, albeit currently undetected, vulnerability that users should be mindful of.
This is a well-established company with a domain nearly 12 years old, publicly listing its organization (SatoshiLabs Group a.s.) in the WHOIS, indicating a transparent and long-standing presence in its industry.
The site benefits from high traffic and a clean standing on DNS blacklists. However, the presence of unusually high discounts could be a deceptive tactic, which somewhat detracts from its overall trustworthiness.
The site provides clear contact information, legal pages, and a social media presence, which are all positive. Yet, the mention of irreversible payment methods flags a concern regarding consumer protections, potentially confusing customers about their recourse options.
The presence of both a privacy policy and terms of service pages demonstrates a commitment to legal and user protections, which aligns with expectations for an established online business.
The technical setup is robust, featuring modern DNS (Cloudflare), strong email authentication (SPF, DMARC), and HTTPS enforcement via HSTS, indicating a well-managed and secure backend infrastructure.
Signals Detected
This is a well-known, high-traffic website
Site uses structured data identifying itself as: WebSite
This business has no Trustpilot presence — not unusual for smaller or newer companies
Site advertises discounts over 70% — common in fraudulent e-commerce
Mentions non-reversible payment methods: bitcoin, wire transfer
Excessive number of external scripts — may indicate malicious injection
Valid certificate, expires in 46 days
Certificate issued by Let's Encrypt
Connection uses TLS 1.3
Resolves to: 2606:4700:10::ac42:86f5, 2606:4700:10::ac42:896f, 172.66.137.111, 172.66.134.245
Mail servers: aspmx.l.google.com., alt2.aspmx.l.google.com., alt1.aspmx.l.google.com., aspmx3.googlemail.com., aspmx2.googlemail.com.
Domain has SPF email authentication configured
Domain has DMARC email authentication configured
DNS providers: lucy.ns.cloudflare.com., jeff.ns.cloudflare.com.
Site enforces HTTPS via HSTS
Site has Content Security Policy configured
X-Frame-Options: DENY
Web server: cloudflare
No threats detected by Google Web Risk
robots.txt has 16 directives and references a sitemap
Site has custom branding and social media metadata
Not found on any DNS blacklists
Domain created 2014-07-21T08:45:45Z (11 years, 10 months ago)
Registered through Cloudflare, Inc
Expires in 825 days
DNSSEC status from WHOIS
No sitemap found — common for smaller sites
Website is live and responding
Website appears to have contact information
Website has both privacy policy and terms of service pages
Website links to multiple social media platforms
Could not query Wayback Machine
Could not query certificate transparency logs
Fast page load
Embed This Badge
Stay Safe Online
Good habits to protect yourself, no matter the scan result.
Never reuse passwords across sites.
Add a second layer of security to your accounts.
Always verify unfamiliar stores before entering payment info.