Trezor, the famous crypto hardware wallet, has published a security advisory for its users, after its support portal was breached with a phishing attack on January 17, 2024.
Summary
Trezor: the hardware crypto-wallet publishes a security notice after the data breach on January 17th
Last January 17th, Trezor suffered a phishing attack with a data breach of its customers on the third-party support portal.
In practice, the data involved were email addresses, names/nicknames of those users who had contacted their customer support team. The breach does not appear to have caused any theft of cryptocurrencies.
In this regard, Trezor wanted to publish a security notice, in order to keep them alert on how not to pave the way for any other new phishing attacks.
“Security alert. On January 17, 2024, the third-party support portal we use experienced an unauthorized access. The potentially affected data is limited to the emails and names/nicknames of users who have contacted our customer support team.”
We want to assure you that this does not pose a threat to your digital assets, neither now nor in the future. Although we have not detected any phishing activity following this incident, in our commitment to full transparency, we have decided to alert you to phishing schemes targeting your recovery seed. What you need to know: 1) Your Trezor wallet and your resources remain safe. 2) NEVER share your recovery seed with anyone. Remember that Trezor representatives will never ask you to do so. 3) Be cautious of phishing attempts or suspicious emails. 4) Always confirm instructions directly on the Trezor device.
We understand the concerns that arise from situations like this and apologize for any inconvenience caused.”
Trezor: the crypto hardware wallet and security
The incident has raised concerns about security among users, who have been contacted directly by the crypto hardware wallet.
And indeed, it seems that Trezor would have warned every attacked user of the potential increase in the risk of another phishing attack, which aims to obtain their recovery seed phrase.
According to what has emerged, it seems that there are 41 users directly contacted by the malicious actor via email, with a request for sensitive information.
In this regard, Trezor has urged all users to pay attention to unusual or suspicious contact attempts and to verify the legitimacy of any communication apparently coming from Trezor support.
The growth of interest after the exploit suffered by Ledger
It was mid-December 2023, when another famous crypto hardware wallet, Ledger, had suffered an attack on the connect kit library, putting the funds of millions of users at risk.
Even in that case, the timely intervention of the company’s team had managed to keep all the funds safe, but raising concerns about its security.
The consequence, in fact, is that many dissatisfied Ledger users have started to show more interest in its competitor Trezor.
In reality, both Trezor and Ledger are non-custodial crypto wallets, meaning they do not take custody of users’ private keys who hold their crypto on their devices.
The seed phrase, along with the device PIN, represent the two main securities of the hardware wallet that protect the user from loss, theft, or certain cyber attacks.
