Trezor, a manufacturer of hardware wallets, revealed a security compromise on January 20 in an announcement that exposed the contact details of around 66,000 users. On January 17, it was discovered that there had been an illegal entry into a third-party support service. It’s possible that users whose data has been exchanged with Trezor’s support staff since December 2021 have had it compromised.

Notification and Issues

Trezor acted responsibly by informing all 66,000 impacted contacts of the possible disclosure of their contact information, even if they maintain that the breach is unsubstantiated. Concerning the possibility of phishing attempts, the business made it clear that none of the user cash kept on their Trezor devices has been hacked.

Reports of Phishing Attempts

Trezor informs customers that no recovery seed phrases—which are necessary to access bitcoin funds—have been revealed, despite the incident. On the other hand, the attacker reportedly sent direct emails to at least 41 users, asking for private information about their recovery seeds. Eight people whose contact information was obtained also made accounts on a trial discussion platform run by a third-party vendor.

Undertanding Phishing

Phishing is a common kind of cybercrime in which perpetrators pose as reputable organizations in order to trick victims into divulging personal information. Users using Trezor are thus vulnerable to phishing attacks, which could result in the loss of private data, login credentials, or even bitcoin assets.

Quick Reaction and Communication: According to Trezor, within an hour of the security problem, users who received suspicious emails were notified. The business stresses that, as of right now, there hasn’t been any evidence of an increase in phishing attempts as a result of this hack.

The History of Security Incidents at Trezor

Even though Trezor is still a well-liked option for hardware wallets for cryptocurrencies, security issues have previously plagued the business. Trezor alerted customers in March to a phishing operation that sought to obtain investors’ funds by fooling them into entering their recovery phrase on a phony Trezor website. In another incident, con artists sold phony Trezor hardware, giving them access to users’ private keys.

Users are cautioned to exercise caution when they come across phishing efforts as Trezor works to address and resolve the current security problem. Although the business guarantees that the physical security of Trezor devices is unaffected, users are advised to proceed with caution and be on the lookout for any unexpected or dubious communications concerning their cryptocurrency holdings.