Hackers attacked the Binance-backed Trust Wallet on January 17, but were unable to compromise any meaningful customer data thanks to the provider’s quick response.
January 29th Post by Trust Wallet published A security breach occurred due to a third-party customer support service. The issue was discovered during a routine security check and was quickly resolved, preventing user funds from being lost.
No private keys or seed phrases were stolen, and the attackers only briefly interacted with the file system maintained between Trust Wallet and the customer service company.
Unauthorized access was limited to the name/nickname and email address used to submit support tickets through a third-party system. The internal content of the ticket is not accessible.
Trust Wallet
The statement identified phishing scammers as the culprits. Phishers imitate a business or service and provide users with a malicious copy of the original platform. Typically, the goal is to access sensitive information and ultimately steal funds from unsuspecting victims.
Numerous phishing campaigns targeting cryptocurrency-based companies have already been launched in the first months of this year. Users of hardware wallet maker Trezor were exposed to a phishing email that left more than 66,000 customers vulnerable. Phishers posed as Trezor team members and attempted to obtain wallet credentials known only to individual users.
Around the same time, a cryptocurrency researcher discovered over $4.2 million in Ether-related (ETH) cryptocurrency stolen using operational code. The malware created a new address for each signature and redirected funds to this wallet, fooling victims into thinking they were signing genuine transactions.
Coingecko, Cointelegraph, De.Fi, Token Terminal, and WalletConnect are other platforms caught up in ongoing cryptocurrency phishing attacks. These scammers act as cryptocurrency journalists and are known to spread fake Calendly links through social media.