Trezor warned that on January 17 its security team detected a vulnerability "where there was unauthorized access to the third-party support ticket portal that we use," the company said.
According to the statement from Trezor, a company promoted by SatoshiLabs, the personal data of at least 66 thousand people could have been compromised by the flaw. They warn their users to remain alert for possible phishing attacks, because the information that may have been leaked, according to an internal audit, reveals emails and usernames of people who contacted the company's technical support from 2021.
"We are making every effort to work with the third-party service provider to thoroughly investigate the incident," the Trezor team said. The company noted that they contacted all 66,000 contacts by email to notify them of the incident within an hour of detection. "Although it is not confirmed, we consider it our responsibility to inform our affected users of the possibility that their contact information has been exposed and at risk of suffering a phishing attack," they added.
Trezor emphasizes that its users' funds would not have been compromised by the incident, because no user passphrases were revealed.

So far, at least 41 users claim to have received direct emails from an attacker, requesting confidential information about their recovery seeds. Additionally, 8 people who created accounts on the same third-party provider's test discussion platform also had their contact details compromised.
“The potential exposure of email addresses can be detrimental due to the fact that emails may be subject to phishing attempts. So far, we have not seen any increase in phishing activity as a result of this security incident.”
Trezor, hardware wallet manufacturer.
Phishing is a social engineering technique that uses fraudulent emails, text messages, phone calls, or websites designed to manipulate people into downloading malware, sharing sensitive information (e.g., passwords, card numbers, etc.) or performing unwanted actions. Phishing attacks typically impersonate a trusted company or organization, such as a bank, online store, or government agency.
In May 2023, the security firm Unciphered disclosed that its research team had detected a vulnerability in the One and T models. Through a sophisticated procedure that is difficult to execute, they claimed to have discovered, as an experiment, a way to hack these wallets to obtain the seed or recovery phrases of a wallet.