HQ/EMEAFind out how we can help your business
Cryptocurrency hardware wallet manufacturer Trezor revealed a security breach that has put nearly 66,000 users at risk of phishing attacks. The breach was discovered on January 20 when unauthorised access was discovered on a third-party support portal that occurred on January 17.
Trezor clarified that the incident did not compromise any user funds, and they reassured users that their Trezor devices remain secure. The primary concern arising from the breach is the exposure of users’ contact details, making them susceptible to phishing attacks.
Phishing, a common form of cybercrime, involves attackers posing as trusted entities to trick individuals into giving away private data such as login credentials or credit card numbers. Trezor has promptly notified all affected users about the situation through email, emphasising the potential phishing risks.
Trezor assured no recovery seed phrases were compromised in the security breach.
As part of the Trezor security breach aftermath, at least 41 users have reported receiving direct email messages from the attacker requesting sensitive information related to their recovery seeds. Eight individuals who created accounts on the same third-party vendor’s trial discussion platform had their contact details compromised.
The company assures that no recovery seed phrases were disclosed. Promptly responding to the incident, the company alerted users who received suspicious emails within an hour. Furthermore, there is currently no observable surge in phishing activity linked to this security breach.
Having established itself as a trustworthy entity in the cryptocurrency hardware wallet sector, Trezor has encountered security hurdles in previous instances. In March, the company disclosed a phishing attack attempting to steal investors’ funds, pressuring them to input their wallet’s recovery phrase on a fraudulent Trezor website. Additionally, there were instances where scammers were distributing counterfeit Trezor hardware to manipulate and obtain control over users’ private keys.
In 2023, despite the cryptocurrency industry experiencing losses of around $2 billion due to theft, there was a slight decline in hacking incidents.
A report from DeFI, a prominent web3 security firm, highlighted that hackers managed to rob $2 billion in digital assets throughout the year, marking the first decrease in crypto hacking incidents since 2021. The REKT database by DeFI ranks significant crypto hacks, emphasising ongoing vulnerabilities and challenges within the DeFi ecosystem.
