Trezor has reported a security breach that has exposed the contact information of nearly 66,000 of its users.
The incident came to light on January 20, when Trezor officially announced that unauthorized access had been identified on a third-party support portal on January 17.
According to the company, individuals who had interacted with Trezor’s support team since December 2021 might be affected by this breach.
The renowned manufacturer of cryptocurrency hardware wallets claimed that no user funds were compromised during the incident.
The company reassured its users that their Trezor devices remain as secure as ever.
“We want to stress that none of our users’ funds have been compromised through this incident. Your Trezor device remains as secure today, as it was yesterday.”
However, the potential repercussions of the breach lie in the exposure of users’ contact details, which puts them at risk of falling victim to phishing attacks.
Phishing is a prevalent form of cybercrime where attackers impersonate trusted entities to deceive individuals into revealing sensitive information, such as login credentials or credit card numbers.
Trezor has notified all 66,000 affected users about the situation by sending them emails to raise awareness of the potential phishing risks.
41 Users Have Received Phishing Emails
It is worth noting that at least 41 users have already received direct email messages from the attacker, requesting sensitive information related to their recovery seeds.
Additionally, eight individuals who had created accounts on the same third-party vendor’s trial discussion platform also had their contact details compromised.
Despite the breach, Trezor has emphasized that no recovery seed phrases were disclosed as a result of the incident.
The company claims to have promptly alerted users who received suspicious emails within an hour of the breach occurring.
Fortunately, as of now, there hasn’t been a noticeable increase in phishing activity stemming from this security incident.
Trezor, while being a reputable name in the cryptocurrency hardware wallet industry, has faced its fair share of security challenges over the years.
In March, the company warned users about a phishing attack that aimed to steal investors’ money by directing them to enter their wallet’s recovery phrase on a fake Trezor website.
In another incident, scammers peddling counterfeit Trezor hardware managed to gain control over users’ private keys.
Despite losing around $2 billion to crypto thefts, 2023 saw a slight decline in hacking incidents targeting the cryptocurrency industry.
According to a recent report from De.FI, a prominent web3 security firm known for its REKT database, hackers managed to pilfer $2 billion in digital assets throughout the year.
While that amount is still alarming, it marks the first decrease in crypto hacking incidents since 2021.
The REKT database ranks the most devastating crypto hacks, ranging from the historic breach of the Ronin network in 2022, where hackers looted over $600 million in crypto, to the recent attack on Mixin Network, resulting in a haul of approximately $200 million.
“This cumulative amount of stolen funds, spread across multiple incidents, highlights the ongoing vulnerabilities and challenges within the DeFi ecosystem,” stated De.FI in its report.
“2023 served as a testament to both the persisting vulnerabilities and the progress made in addressing them, despite muted interest in the space during the first half of the year due to the ongoing bear market.”
