Prominent hardware wallet company Trezor has revealed a security breach involving unauthorized access to the platform of one of its third-party service providers. Trezor states that there was no loss of funds. However, the security incident has now exposed 66,000 of its customers to the risks of a phishing attack.
Trezor Raises Alarm Following Security Incident
According to Trezor’s statement, they identified an unauthorized access to its third-party support ticketing portal on January 17, 2024, at exactly 20:24 CET. The hardware wallet company states the breach was only at the level of the third service provider, and they were able to effectively revoke the stranger’s access in no time.
Upon the commencement of an internal audit, they discovered there is a potential that the bad actors gained access to certain client details such as email and name/nickname.
However, Trezor states that only the 66,000 customers who have interacted with its support team since December 2021 are liable for such risks. Acting with all urgency, the hardware wallet company stated it had sent an email to all affected users alerting them of the incident.
Furthermore, Trezor also revealed that the bad actors attempted to establish contact with 41 of the company’s customers, sending an email which requested for the recovery seed phase to their wallet.
In a similar fashion, Trezor moved swiftly to get ahead of the situation, informing the contacted users of the security breach, thus ensuring that no recovery seed phase was revealed to the hackers.
In addition, another group of eight individuals who signed up on Trezor’s trial discussion platform, hosted by the compromised third-party service, were also alerted by the company’s support team as investigations revealed the bad actors may have also gained access to their contact details.
User Funds Remain Safe; Trezor Tells Users To Remain Vigilant
Trezor states that the recent security incident led to no loss of users’ funds. However, there remains a high risk of phishing attacks targeted at the recovery phase mechanism following the compromise of customers’ information.
The crypto wallet company urges all users to never disclose their recovery phrase to other parties and should always contact its support team to resolve issues relating to their wallet.
Phishing attacks remain one of the most common woes plaguing the crypto ecosystem. According to blockchain security firm Scam Sniffer, 324,000 individuals lost about $300 million worth of assets to phishing scams alone in 2023. These figures only emphasize the status of such menace and the need for continuous development of effective security measures.
Total crypto market cap valued at $1.599 trillion on the daily chart | Source: TOTAL chart on Tradingview.com
Featured image from Cyber Security Hub, chart from Tradingview