Trezor Security Breach: 66K Users Affected

On Jan 22, 2024

The security breach of Trezor exposed 66,000 users’ data, with no funds lost, highlighting ongoing cyber risks in cryptocurrency hardware wallets.

NEW: Hardware wallet Trezor announces that a security breach at a third-party support portal may have exposed up to 66K users to phising attacks pic.twitter.com/XPjFRaYtoh

— Bitcoin News (@BitcoinNewsCom) January 21, 2024

Trezor, a prominent hardware wallet producer, recently revealed a substantial security breach. This breach, confirmed on January 20, has potentially compromised the personal information of around 66,000 users. Notably, this incident traces back to unauthorized access to a support portal managed by a third party, discovered on January 17.

Legal & Regulation

Woo X Introduces Tokenized US Treasury Bills for Retailers

Legal & Regulation

Bitcoin Transaction Fees Drop Post-Halving

Legal & Regulation

Kenyan Officials Extradite Binance Executive to Nigeria

Legal & Regulation

Google Ads Exploited to Advertise Fraudulent Crypto Platform

Understanding the Impact

The breach specifically targeted those who have interacted with Trezor’s support team since December 2021. Trezor, prioritizing transparency, reached out to the affected 66,000 contacts, cautioning them about possible phishing attacks. It’s essential to note, however, that users’ funds remained untouched during this breach. The integrity and security of the Trezor devices remain intact.

Phishing, a prevalent form of cybercrime, involves the impersonation of a trusted party to extract sensitive information. In this scenario, at least 41 Trezor users received direct emails from the attackers, seeking confidential data concerning their recovery seeds. Moreover, eight individuals who registered on a trial discussion platform of the same third-party vendor also had their contact information exposed.

Despite these concerning developments, Trezor assures that no recovery seed phrases were disclosed. The company was quick to alert the users who received these suspicious emails, doing so within an hour of recognizing the incident. Trezor continues to monitor the situation, although they haven’t observed a significant increase in phishing activities linked to this breach.

This isn’t the first time Trezor has faced security challenges. In March, they alerted their users about a phishing scheme that directed them to a counterfeit Trezor website, attempting to steal their recovery phrases. Another notable incident involved scammers selling fake Trezor hardware, and gaining access to users’ private keys.