Trezor Security Breach: 66K Users Affected
The security breach of Trezor exposed 66,000 users’ data, with no funds lost, highlighting ongoing cyber risks in cryptocurrency hardware wallets.
Trezor, a prominent hardware wallet producer, recently revealed a substantial security breach. This breach, confirmed on January 20, has potentially compromised the personal information of around 66,000 users. Notably, this incident traces back to unauthorized access to a support portal managed by a third party, discovered on January 17.
Understanding the Impact
The breach specifically targeted those who have interacted with Trezor’s support team since December 2021. Trezor, prioritizing transparency, reached out to the affected 66,000 contacts, cautioning them about possible phishing attacks. It’s essential to note, however, that users’ funds remained untouched during this breach. The integrity and security of the Trezor devices remain intact.
Phishing, a prevalent form of cybercrime, involves the impersonation of a trusted party to extract sensitive information. In this scenario, at least 41 Trezor users received direct emails from the attackers, seeking confidential data concerning their recovery seeds. Moreover, eight individuals who registered on a trial discussion platform of the same third-party vendor also had their contact information exposed.
Despite these concerning developments, Trezor assures that no recovery seed phrases were disclosed. The company was quick to alert the users who received these suspicious emails, doing so within an hour of recognizing the incident. Trezor continues to monitor the situation, although they haven’t observed a significant increase in phishing activities linked to this breach.
This isn’t the first time Trezor has faced security challenges. In March, they alerted their users about a phishing scheme that directed them to a counterfeit Trezor website, attempting to steal their recovery phrases. Another notable incident involved scammers selling fake Trezor hardware, and gaining access to users’ private keys.