- Trezor faced a security breach recently that likely exposed the data of 66,000 users.
- Security breaches remain one of the biggest threats in the crypto ecosystem.
Crypto hardware wallet manufacturer Trezor has announced a security breach that exposed the contact information of nearly 66,000 users. The incident, identified on January 17, has raised concerns among crypto enthusiasts who rely on Trezor’s devices for secure storage of their digital assets.
Details of the Breach on Trezor Wallet
Trezor traced the breach to unauthorized access to a third-party support portal on January 17. Users who interacted with Trezor’s support team since December 2021 may have had their data accessed, as stated in the company’s January 20 announcement. The breach, occurring at the third-party service provider level, prompted Trezor to take swift action in notifying the affected users.
The company revealed that about 41 users were directly contacted via email by the individual responsible for the breach, requesting sensitive information about their recovery seeds. Trezor promptly reviewed these interactions and assured users that no recovery seed phrases were disclosed.
Additionally, eight individuals who created accounts on Trezor’s trial discussion platform hosted by the same third-party vendor may have had their contact details compromised. Trezor’s support team has already contacted these eight individuals to make them aware of the incident and the potential risks associated with phishing attacks.
In response to the breach, Trezor acted swiftly to alert all 66,000 affected users within the same day, emphasizing its commitment to transparency and user safety. Trezor reassured its users that the security of their Trezor devices remains intact, stating,
“Your Trezor device remains as secure today as it was yesterday.”
Despite the breach, no recovery seed phrases were disclosed, and Trezor continues to monitor the situation closely.
Recognizing the concern this incident may have caused, Trezor apologized for any inconvenience and promised to continue working on improving security practices. The company acknowledged the issues inherent with third-party service providers and announced that it is carefully reviewing its relationship with the vendor involved in the breach.
Trezor’s Security Challenges
While Trezor is renowned for its secure hardware wallets, this isn’t the first time it has faced security incidents. In June, the company warned users about the risk of losing cryptocurrencies through a fake Trezor App. Another incident involved scammers selling fake Trezor hardware, allowing them to take control of users’ private keys.
It is worth mentioning that Trezor’s experience is not isolated, as the crypto industry has witnessed other phishing attacks. In August, the terra.money domain faced a security breach leading to a phishing scam targeting Terra users. The attacker employed sophisticated tactics, including a SIM swap attack to bypass two-factor authentication.
The latest phishing attempt on Trezor underscores the ongoing issues and threats of cybersecurity in the crypto space. Trezor’s prompt response and commitment to transparency were commended by the community but also highlight the importance of ongoing monitoring and improvement in industry security policies. Users should exercise caution and adhere to best practices to protect their assets in the face of evolving cyber threats.