Trezor Security Flaw, Users in Danger

The user database of the Trezor cold wallet has been attacked, causing the personal information of almost 66,000 users to be leaked. The funds of the users concerned are intact, but highly exposed to phishing scams involving the theft of their e-mail addresses by malicious individuals.

Trezor database compromised

If you are a user of Trezor, be extra vigilant. Trezor has indeed announced to have recorded unauthorized access to the third-party support portal on January 17. This incident resulted in the leakage of part of its database.

As a result, the names and e-mail addresses of all users Trezor users who have interacted with customer support since December 2021 are accessible to the malicious people behind this incident. 66,000 users would be affected, according to Trezor.

The security incident we have identified has implications for customers who have interacted with Trezor support since December 2021. Although this represents a small proportion of our overall user base, up to 66,000 contacts were present in the system during this period.

Trezor

Unlike the hack of Ledger, no users of Trezor have lost funds as a result of this incident. It is only out of a duty of transparency and prudence that Trezor reported on the incident.

In addition to the public statement, the company has contacted the 66,000 users concerned individually, informing them of the incident and urging them to be extra vigilant. As a result of this leak, they are more exposed than ever to hacks of a very special kind.

Users now fully exposed to phishing risks

Although this incident did not result in the theft of funds, the disclosure of users’ personal information is still a danger. Indeed, the exposure of e-mail addresses can lead to phishing attacks.

As a reminder, phishing generally involves sending an e-mail containing a malicious link to a person. Once the recipient clicks on the link, their crypto wallet is at risk. This type of hack is commonplace, and several companies, like Metamask, are fighting against it.

Moreover, the malicious actor behind the Trezor quickly went to work. 41 users whose personal information had been disclosed received e-mails from the hacker. Posing as Trezorthis malicious actor asked for the wallet recovery phrase.

image 1 1 - Coinpri

Trezor has reported that no user contacted by the malicious actor has shared its recovery phrase. The company reminds its users that under no circumstances and in no way will it ask for the recovery phrase. Any communication of this nature should be regarded as an attempted scam.

Cold Wallets are reputed to be very secure wallets. However, they are not immune to security breaches. Their owners must always be vigilant. Nothing can protect a careless, ill-informed and unwary investor from hacks. Choose the right wallet, like the one from our partner D’Cent and follow the right advice to protect yourself.