Trezor, a leading hardware cryptocurrency wallet provider, has issued a security alert following a data breach discovered on January 17. The breach resulted from unauthorized access to Trezor’s third-party support ticketing portal. While an ongoing investigation has found no evidence of compromised digital assets, a subset of approximately 66,000 users who engaged with Trezor Support since December 2021 may have had their names, usernames, and email addresses exposed. Trezor assures users that their funds remain secure, emphasizing that the breach does not compromise the security of Trezor devices.
Despite the limited impact on digital assets, Trezor confirmed 41 cases where attackers exploited the exposed data. The attackers engaged in phishing attempts, reaching out to users with messages resembling automated support replies. These phishing emails requested users to disclose their 24-word recovery seeds under the pretext of firmware validation. Trezor warns users about these phishing attempts and advises vigilance, emphasizing that no successful attacks have been observed.
The unauthorized access to Trezor’s support system has been terminated, and the risk from the breach was mitigated on January 17. Trezor has taken measures to inform potentially affected users about the incident and the associated phishing threats. The company underscores the importance of users never disclosing their seed phrases, as this sensitive information is crucial for securing cryptocurrency wallets and should remain confidential. Trezor remains committed to maintaining the security of its users and providing necessary precautions against potential threats arising from the data breach.
