Data Breach Hits Trezor: 66,000 Users’ Emails Exposed

Trezor, a developer of hardware wallets for cryptocurrency, has reported a data breach. The attack occurred on January 17, 2024, when malefactors gained unauthorized access to a third-party technical support portal.

While the investigation into the incident is still underway, the company emphasizes that there is no evidence thus far that user digital assets have been compromised. “Your Trezor device remains as secure today, as it was yesterday,” the manufacturer reassures.

However, information regarding 66,000 users who have interacted with Trezor’s support service from December 2021 to the present could have been exposed to the attackers. The breach involved email addresses, phone numbers, and other personal information stored in the hacked system.

Worse yet, Trezor specialists have identified 41 instances of the leaked data being used: attackers contacted users attempting to deceitfully obtain their recovery seed, necessary for wallet access.

Phishing message | Image: Trezor

Specifically, attackers have been sending Trezor users emails resembling an automated response from support, requesting disclosure of the 24-word seed phrase previously used for setting up Trezor devices. The phishing message claims the seed is only required for firmware validation and will not be “accessible to people.”

The company has notified all potentially affected users about the incident and warned them of ongoing phishing attacks. Trezor notes that there have been no reports of successful attacks thus far.

Trezor reminds users that under no circumstances should they ever disclose their seed phrase to anyone. This information is confidential and intended solely for the hardware wallet user’s knowledge.