Trezor, a prominent hardware wallet company, has revealed a security breach involving unauthorized access to the platform of one of its third-party service providers. Trezor says there was no loss of funds. However, due to a security incident, 66,000 customers are now at risk of phishing attacks.
Trezor issues alert after security incident
According to a statement from Trezor, unauthorized access to a third-party support ticketing portal was confirmed on 17 January 2024 at exactly 20:24 CET. The hardware wallet company said the breach occurred only at the third-party service provider level, and that they were able to effectively revoke the stranger’s access immediately.
Once the internal audit began, they discovered that malicious actors were likely accessing certain customer details such as email and name/nickname.
However, Trezor stated that only 66,000 customers who have interacted with its support team since December 2021 are responsible for this risk. The hardware wallet company said it acted urgently and sent an email to all affected users informing them of the incident.
Additionally, Trezor said malicious actors attempted to contact 41 of the company’s customers and send emails to their wallets requesting recovery seed steps.
In a similar way, Trezor moved quickly to stay ahead of the situation, notifying contacted users of the security breach and ensuring that recovery seed steps were not disclosed to hackers.
Additionally, another group of eight individuals who had joined Trezor’s trial discussion platform hosted by a compromised third-party service also received a warning from the company’s support team. Our investigation revealed that malicious actors may have also accessed their contact information.
User funds remain safe. Trezor instructs users to remain vigilant.
Trezor said the recent security incident did not result in any loss of user funds. However, the risk of phishing attacks targeting recovery phase mechanisms following customer information breaches remains high.
The cryptocurrency wallet company urges all users to never reveal their recovery phrase to anyone and that they should always contact their support team to resolve any issues with their wallet.
Phishing attacks remain one of the most common problems plaguing the cryptocurrency ecosystem. According to blockchain security company Scam Sniffer, in 2023 alone, 324,000 individuals lost assets worth approximately $300 million to phishing scams. These figures only highlight the status of such threats and the need for continued development of effective security measures.
Total crypto market cap valued at $1.599 trillion on the daily chart | Source: TOTAL chart on Tradingview.com
Featured image from Cyber Security Hub, chart from Tradingview