
Topic: Trezor's 3rd-Party Support Portal was Hacked - page 2. (Read 315 times)

legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
Trezor claims that no one was affected but approximately 66000 users' email and nicknames were leaked. This means the hacker has a list of 66000 Trezor users and he will surely try to use those emails to do something.
The hacker doesn't necessarily have the information of 66,000 Trezor users. They have information on (according to reports) a maximum of 66,000 users that contacted Trezor support from December 2021. Many of them are surely owners of their hardware wallets, others could be interested parties, like you and me, who sent an email and asked for information or clarification on some points.

Trezor stated that they still don't have information if there were any victims, but they know of 41 phishing emails that were sent out. That was the information that was available when I created this thread.

The hacker was able to develop a fake Trezor Suite App and ask users to download it, connect their wallets, and then steal it easily.
They didn't develop a fake app. This is a phishing scheme. A social engineering attempt to get you to email them the seed.

Why does Trezor retain customer data from December 2021, and what is their need for this data, since the user does not interact with the company directly after purchasing the devices?
It's not Trezor's data. It belongs to the 3rd-party service they use for the customer support portal. Their TOS and Privacy Policy will shed more light on how long they retain customer information.
legendary
Activity: 1344
Merit: 6415
Farewell, Leo
Pretty much what Learn Bitcoin said. The problem isn't the phishing attack per se; I mean, it really sucks if someone fell for that, but they can't have missed the many warnings. (If I recall correctly, once the seed is generated, it displays a "Never share it with anyone" message)

The problem is, for once more, the data the hacker possesses right now. That email and name list will sooner or later be sold at Breached or some other corner of the darknet, and there will be victims.
legendary
Activity: 1582
Merit: 1284
I am surprised that despite the hacker's efforts to access the basic system and some sensitive data, including the email address, he exploits it in a trick to send seeds. The hacker was able to develop a fake Trezor Suite App and ask users to download it, connect their wallets, and then steal it easily.
Why does Trezor retain customer data from December 2021, and what is their need for this data, since the user does not interact with the company directly after purchasing the devices?
hero member
Activity: 462
Merit: 767
#SWGT CERTIK Audited
I have just checked the post by Trezor and came to this board to see if this was posted or not. It's surprising how these crypto hacks continue. Even though it wasn't the Trezor but the 3rd party support center they use, still it's alarming. Trezor claims that no one was affected but approximately 66000 users' email and nicknames were leaked. This means the hacker has a list of 66000 Trezor users and he will surely try to use those emails to do something.

Even though they have regained access to their support center, the hacker still has a chance to use email spoofing and send emails to those Trezor users and try various hacking attempts like sending malware and asking them to download it, or asking them to use a new web portal which could be phishing, and numerous more methods they may try. There is still a small percentage of people who might believe those emails and try those things.
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
If someone has moved from a software wallet to a hardware one like Trezor, I believe he/she must have known the pros and cons or dos and don'ts of wallets. So from my perspective I don't want to believe that someone would fall for this simple trick of sending your passphrase to anyone.
It sometimes amazes me what kind of cheap tricks people fall for. It's things like giving scammers their seeds and private keys by entering them in a phishing site that is on top of the list. It still works, and scammers still make money that way. In other cases, it's carelessness or tiredness that causes people to commit mistakes and not notice what they are doing.

Even before you could finish setting up your Trezor wallet's passphrase, there is a caution that says "do not give out your passphrase to anyone it's your private property." That should be enough warning except for the fact that it was targeted at users who might have been offline.
Don't mistake the recovery phrase/seed for the passphrase. Those are two completely different things. Trezor surely cautions you not to give out the recovery phrase. The passphrase is an advanced and optional security feature that you can set up if you want, but it's not a requirement to do so. Due to Trezor's unfixable seed extraction vulnerability, it's recommended to have one or multiple passphrases set up.   
member
Activity: 66
Merit: 5
Eloncoin.org - Mars, here we come!
What now?
Nothing changes. Never enter your seed or send it to anyone, no matter who asks. Think before you do anything that might compromise you and your funds.

If someone has moved from a software wallet to a hardware one like Trezor, I believe he/she must have known the pros and cons or dos and don'ts of wallets. So from my perspective I don't want to believe that someone would fall for this simple trick of sending your passphrase to anyone. Even before you could finish setting up your Trezor wallet's passphrase, there is a caution that says "do not give out your passphrase to anyone it's your private property." That should be enough warning except for the fact that it was targeted at users who might have been offline.
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
Trezor has just informed the public that there was a security incident on 17 January 2024 that affected their third-party support ticketing portal. Someone gained access to the platform and certain sensitive data.

Here is what is known so far:

- The hack DID NOT compromise the hardware wallets or seeds of users in any way.
- Trezor was not hacked. A third-party service they use was compromised.
- The hack affected users who may have been in contact with Trezor customer support since December 2021.
- It's believed that up to 66,000 users may have been affected.
- The leaked data involves email addresses and names/usernames used.
- The hacker already contacted 41 users and requested they email him their seeds to "check the firmware version on their device."

Trezor has already started contacting the 66,000 users they believe may have been affected. If you are among those, expect an email from [email protected] today or tomorrow.

Here is an example of the phishing email that customers received from the hacker:


What now?
Nothing changes. Never enter your seed or send it to anyone, no matter who asks. Think before you do anything that might compromise you and your funds.


You can read a detailed report on the security incident on the Trezor blog:
https://blog.trezor.io/trezor-security-update-stay-vigilant-against-potential-phishing-attack-bb05015a21f8