Tag: trezor

Ledger and Tezor Dismiss Rumor That Hackers Have Stolen Data from Popular Crypto Wallet Providers

Cybersecurity company “Under The Breach” has revealed that customers who have bought products using Shopify and bought items from companies such as KeepKey, Trezor, Bnktothefuture, and Ledger may have had their data leaked.

The cybersecurity company tweeted screenshots from a hacker trying to sell stolen data from KeepKey, Ledger, Trezor, and Bnktothefuture users.

The ‘Rumored’ Hack

The cybersecurity company further mentioned that the data was stolen after the hacker exploited weaknesses in the e-commerce website Shopify. The cybersecurity company posted screenshots in which the hacker advertised huge databases with information associated with an alleged 80,000 customers. This includes the customer’s name, email address, residential address, phone number, and other pieces of data.

The hacker is claimed to be the same individual who hacked the forum Ethereum.org in 2016. The hacker is now claiming to have the databases for Ledger, Trezor, and KeepKey users, including other important information. The hacker also claims to have hacked the Bnktothefuture SQL database and stole identify information from the investment platform. The databases are up for sale, but it may turn out to be false and publicity stunt.

A communications manager at Shopify said: “We investigated these claims and found no evidence to substantiate them, and no evidence of any compromise of Shopify’s system.”

Two of the four firms have taken the allegations seriously. 

Ledger made a follow-up on the matter, terming it as a rumor. The hard wallet provider claims that so far, the allegedly hacked database does not match its real database. Ledger said that it is likely that the hacker is totally lying. The company confirmed that it will be continuing its investigations on the issue.

Trezor tweeted its confirmation that there are rumors going around that its e-shop database has been attacked through a Shopify exploit. The company clarified that its e-shop doesn’t use Shopify, thus making a Shopify-related hack impossible. The firm said: “We are nonetheless investigating the situation. We’ve been also routinely purging old customer records from the database to minimize the possible impact.”

The hacker has several dubious claims and is reported to have databases for almost 20 crypto exchanges globally. Nobody can confirm whether or not the hacker truly does have these databases. So far it appears to be more hearsay.

US Law Firms Had Data Stolen and Encrypted by Hackers Demanding Crypto Ransoms

Various big companies seem to have been the victim of recent cyberattacks, which has led to the theft of a massive amount of private information from customers. Hackers have recently breached five US law firms and encrypted their data, thus forcing each firm to pay 100 Bitcoins (about $918,500 at the time of this report) to restore their access. The hacker group identified as “Maze” also has threatened to sell some stolen data in case the firms refused to pay a ransom. The hackers have developed the habit of publishing small parts of stolen data and release more and more sensitive aspects until victimized firms pay a ransom. Hackers demanding ransoms in Bitcoin have a negative impact on the public image of cryptos, making people believe that such coins are just meant for criminals. Last year was marked not only by multiple ransoms demanding cryptocurrencies but also by major cryptocurrency scams. 

Image via Shutterstock

Trezor Hires Jan Andrascik as Chief Information Security Officer

Parent company SatoshiLabs announced on Wednesday that it has hired Jan Andraščík as Trezor’s Chief Information Security Officer (CISO). 

In the new role, Andraščík is tasked with protecting SatoshiLabs’ data, systems, and physical security.

Before joining the cryptocurrency hardware wallets firm, Andraščík executed information security architecture roles for various leading firms including consultancies Accenture, and Deloitte, as well as financial services companies Raiffeisenbank and Česká Spořitelna (Erste Group).

While at Raiffeisenbank, Andraščík served a similar role to Trezor as a deputy to the CISO, where he was in charge of information security governance, risk management, and compliance.  

Andraščík is widely recognized as an information security industry expert and is frequently asked to give talks at conferences on issues regarding national cyber security.

Pavol Rusnák, the co-founder and co-owner of Trezor holding company SatoshiLabs, talked about the development and said: “Jan Andraščík is a highly respected information security leader, and we are fortunate to have him here at SatoshiLabs. Jan’s experience is invaluable as we further enhance our capabilities to protect customers’ data, keep improving our internal security and privacy policies and practices, keeping in mind our main goal – to help people build their own self-sovereignty.”

Andraščík commented about his appointment and stated: “We live in a world where digital surveillance is becoming increasingly common, and individuals can no longer take a privacy for granted. SatoshiLabs is on a mission to restore privacy and control to people when it comes to their financial transactions. It’s a mission that I wholeheartedly believe in, and it’s a privilege for me to help further enhance Trezor’s already excellent, security-first approach to operations and products.”

Addressing Security Concerns

The hiring comes as SatoshiLabs recently became increasingly targeted by cybercriminals.

Early last month, hackers sent out fake data breach notifications to Trezor crypto wallet users through the company’s mailing list. The fake email notification promoted users to download a fake Trezor Suite software, aimed at stealing their recovery seeds. The company confirmed the phishing attack.

In May 2020, cyber hackers also attempted to sell customer data that stems from Trezor.

As a result, SatoshiLabs hired the chief information security officer to combat the growing threat of online breaches.

SatoshiLabs, the inventor of Trezor crypto hardware wallets, is in business to give users easy, private and secure tools for crypto adoption.

The company was launched in 2012, and since then it has been coming up with disruptive products that eventually become the industry standard. The firm was an early entrant to the cryptocurrency market, with the first Trezor launched in January 2014.

Hardware Wallet Trezor Adds Crypto Purchase Service via MoonPay

Hardware wallet company Trezor on Wednesday partnered with Crypto payments company MoonPay to integrate the ability to buy cryptocurrencies.

The partnership will allow customers to purchase over 1,000 cryptocurrencies, including Bitcoin (BTC), Ether (ETH), Tether (USDT), BNB, Cardano (ADA)  through the hardware wallet.

A hardware wallet means that the private key is stored in the Trezor wallet, not in a computer or network. So even if a hacker hacks into your computer, they cannot steal the private key or initiate a transaction, because the last step of the transaction requires the holder to press the button on the wallet.

MoonPay offers the infrastructure that industry stakeholders can bank on to buy digital assets quickly, cheaply, and securely. The platform is integrated with a number of digital assets brokerage, including Bitcoin.com, Trust Wallet, ABRA, and ZenGo.

Antonio Talledo, Senior Business Development Manager from MoonPay said that:

“By allowing Trezor owners to buy crypto directly from their wallet, we’re tapping into a committed cohort of cryptocurrency users who take security very seriously, Through this partnership with MoonPay, we’re taking the lead to bring secure, borderless and easy financial freedom to billions”

Crypto payments company MoonPay has raised $555 million in its first-ever Series A funding round, earning the firm a unicorn valuation of $3.4 billion in November last year.

Trezor has previously integrated with Invity, a crypto exchange comparison tool, to provide wallets with the best quotes for trading between various fiat and cryptocurrencies.

Trezor Produces In-House Chips to Speed Up Hardware Wallet Production

Trezor, a popular hardware wallet manufacturer, has announced that it will produce its own chip wrapper, a key component of its Trezor Model T wallet, to optimize production and reduce lead times in the supply chain. By bringing chip manufacturing in-house, Trezor can be more agile and adaptable to market conditions, reducing its reliance on third-party suppliers and eliminating shipping delays caused by component supply and demand.

The move is a significant one for Trezor, as it allows the company to take greater control over the supply chain and respond quickly to factors like geopolitical disruption and labor shortages caused by the COVID-19 pandemic. Previously, the company was exposed to third-party supply vulnerabilities due to factors like these, which could result in delays in shipping finished products and cause consumers to be exposed to price fluctuations based on component supply and demand.

The move to in-house chip manufacturing also provides Trezor with more design freedom for future products, allowing the wallet provider to build the hardware wallet devices from scratch. Additionally, the move will enable Trezor to respond quickly to market conditions and meet the growing demand for its products.

The decision to produce its own chip wrapper comes a year after Tropic Square, a startup operated by Trezor’s parent firm Satoshi Labs, launched a new open-source chip called TROPIC01, which provides cryptographic key generation, encryption, signing, and authentication for users. Trezor is expected to become the first customer of Tropic Square for the product, which provides a unique business model that can be applied in exceptional cases.

According to Štěpán Uherik, Trezor’s Chief Financial Officer, the company has collaborated with its partner STMicroelectronics to identify areas where they can take control and make the manufacturing process as agile as possible. By unpacking the process, Trezor has managed to optimize the production of its wallets and meet the growing demand for its products.

Trezor’s decision to produce its own chip wrapper is a strategic move that has significant implications for the hardware wallet industry. It allows companies to have greater control over their supply chain, respond quickly to market conditions, and meet the growing demand for hardware wallets.

In conclusion, by producing its own chip wrapper, Trezor is accelerating hardware wallet production and ensuring that it can meet the demand for its products. The move provides greater control over the supply chain, reduces lead times, and eliminates shipping delays caused by component supply and demand. It also provides more design freedom for future products and allows Trezor to respond quickly to market conditions. Overall, it’s a strategic move that positions Trezor as a leader in the hardware wallet industry.

Cryptocurrency Phishing Attacks Surge in 2022

When it comes to cryptocurrency-related cyberattacks, bad actors have seemingly reduced the use of traditional financial threats like desktop and mobile banking malware, shifting their focus to phishing. Russian cybersecurity and anti-virus provider Kaspersky has revealed that cryptocurrency phishing attacks witnessed a 40% year-on-year increase in 2022. The company detected 5,040,520 crypto phishing attacks in the year, compared with 3,596,437 in 2021. This represents a significant increase in the number of phishing attacks targeting crypto investors.

A typical phishing attack involves reaching out to investors through fake websites and communication channels that mimic official companies. Users are then prompted to share personal information such as private keys, which ultimately provides attackers unwarranted access to crypto wallets and assets. This is a serious threat, as once attackers have access to a user’s private keys, they can gain control over their cryptocurrency holdings and potentially steal their assets.

While Kaspersky could not predict if the trend would increase in 2023, phishing attacks continue to gain momentum in 2023. Most recently, in March, hardware cryptocurrency wallet provider Trezor issued a warning against attempts to steal users’ crypto by tricking investors into entering their recovery phrase on a fake Trezor site. This highlights the need for users to exercise caution and be vigilant in their interactions with cryptocurrency platforms.

In a survey conducted by Kaspersky in 2022, one out of seven respondents admitted to being affected by cryptocurrency phishing. While phishing attacks predominantly involve giveaway scams or fake wallet phishing pages, attackers continue to evolve their strategies. According to Kaspersky, “crypto still remains a symbol of getting rich quick with minimal effort,” which attracts scammers to innovate their techniques and stories to lure in unwary crypto investors.

Even established cryptocurrency platforms and their investors are not immune to phishing attacks. Arbitrum investors were recently exposed to a phishing link via its official Discord server. A hacker reportedly hacked into the Discord account of one of Arbitrum’s developers, which was then used to share a fake announcement with a phishing link. This highlights the importance of securing communication channels and taking measures to ensure that official channels are not compromised.

To protect themselves from phishing attacks, cryptocurrency investors should be wary of unsolicited communications and only interact with official channels. They should also avoid sharing their private keys or recovery phrases with anyone, even if they appear to be legitimate sources. Finally, it’s essential to use two-factor authentication and keep their software and anti-virus systems updated to ensure maximum protection against phishing attacks.

In conclusion, phishing attacks targeting cryptocurrency investors are increasing in frequency, and scammers are continually evolving their techniques to steal investors’ assets. It’s crucial for investors to remain vigilant and exercise caution in their interactions with cryptocurrency platforms to avoid falling victim to these scams. By taking the necessary precautions, investors can help safeguard their cryptocurrency holdings and prevent losses due to phishing attacks.

Cryptocurrency Phishing Attacks Rise by 40% Year-on-Year in 2022

Cryptocurrency-related cyberattacks have seen bad actors shift their focus from traditional financial threats to phishing. Kaspersky has revealed a 40% year-on-year increase in cryptocurrency phishing attacks in 2022, with 5,040,520 attacks detected compared to 3,596,437 in 2021. Phishing attacks involve reaching out to investors through fake websites and communication channels that mimic official companies, and prompting users to share personal information such as private keys, which ultimately provides attackers unwarranted access to crypto wallets and assets.

While Kaspersky could not predict if the trend of cryptocurrency phishing attacks would increase in 2023, phishing attacks continue to gain momentum in 2023. In a survey conducted by Kaspersky, one out of seven respondents admitted to being affected by cryptocurrency phishing.

Phishing attacks predominantly involve giveaway scams or fake wallet phishing pages, but attackers continue to evolve their strategies. Kaspersky has noted that “crypto still remains a symbol of getting rich quick with minimal effort,” which attracts scammers to innovate their techniques and stories to lure in unwary crypto investors.

Recently, hardware cryptocurrency wallet provider Trezor issued a warning against attempts to steal users’ crypto by tricking investors into entering their recovery phrase on a fake Trezor site. This highlights the importance of being vigilant and taking necessary precautions to protect one’s crypto assets.

In a recent incident, Arbitrum investors were exposed to a phishing link via its official Discord server. A hacker reportedly hacked into the Discord account of one of Arbitrum’s developers, which was then used to share a fake announcement with a phishing link. This shows that attackers are constantly finding new ways to trick investors into sharing their personal information, and highlights the need for increased security measures to protect against cryptocurrency phishing attacks.

In conclusion, cryptocurrency phishing attacks continue to rise, with attackers evolving their strategies to lure unwary crypto investors. It is crucial for investors to be vigilant and take necessary precautions, such as avoiding clicking on suspicious links, verifying the authenticity of websites and communication channels, and using hardware wallets to store their crypto assets. Additionally, companies must prioritize security measures and educate their users to help prevent and mitigate the effects of cryptocurrency phishing attacks.

Trezor Strengthens Security Measures Amid Phishing Concerns

Trezor, a renowned cryptocurrency hardware wallet manufacturer, recently faced a significant security breach. This breach, detected on January 17, 2024, potentially exposed the contact details of approximately 66,000 users. The unauthorized access occurred in Trezor’s third-party support ticketing portal, posing a serious risk of phishing attacks to the affected users.

Breach Discovery and Impact

The incident came to light when Trezor’s internal systems identified unauthorized access in their third-party support ticketing system. This breach potentially compromised the email addresses and names of users who have been in contact with Trezor’s support team since December 2021. Despite the severity of the data breach, Trezor has confirmed that users’ funds and device security remain unaffected.

Response to the Breach

In response to the breach, Trezor acted swiftly to revoke the intruder’s access and ensure the breach was contained at the third-party service provider level. The company has been transparent with its users, notifying the 66,000 potentially affected customers and providing guidance on how to protect themselves from phishing attempts. Trezor has reassured its customers that their digital assets have not been compromised and emphasized the continued security of their devices and funds.

Phishing Threat and User Guidance

The breach has significantly increased the risk of phishing attacks. Trezor has proactively informed users about these risks, advising them to be wary of unsolicited communications and never to share their recovery phrases with anyone. The company has also highlighted its commitment to continuous communication and transparency with its user base.

Past Incidents and Ongoing Vigilance

This is not the first time Trezor has faced security challenges. The company has a history of dealing with phishing attacks and counterfeit hardware issues. In response to these ongoing threats, Trezor places a strong emphasis on user education and vigilance to safeguard against similar incidents in the future.

Conclusion

The recent security breach at Trezor underscores the persistent threats in the digital asset space. Trezor’s quick and transparent response demonstrates their dedication to user security and serves as a reminder of the importance of cybersecurity in the cryptocurrency industry.

Trezor's Social Media Compromised, Fake $TRZR Token Presale Promoted

Trezor, a leading hardware wallet manufacturer, recently found itself at the center of a security incident that has once again highlighted the vulnerabilities associated with social media platforms. According to reports from independent blockchain investigator ZachXBT and the crypto security service Scam Sniffer, Trezor’s social media accounts were used to promote fraudulent presale token offerings for a non-existent “$TRZR” token on the Solana network.

The breach is suspected to have originated from a SIM-swap attack, a type of identity theft that exploits a vulnerability in two-factor authentication and verification processes. In a SIM-swap, attackers convince a victim’s mobile phone carrier to switch their phone number over to a SIM card in the attacker’s possession. By doing so, they can intercept messages and bypass security measures tied to the victim’s phone number.

The fraudulent promotion of the $TRZR token raised immediate red flags within the crypto community, as Trezor does not have a native token. The quick response from vigilant experts in the community helped prevent what could have been a significant number of individuals falling prey to the scam. However, the incident has raised serious questions about the security measures in place on social media platforms and the potential risks they pose for both individuals and companies in the crypto space.

Trezor, upon becoming aware of the situation, promptly informed its users of the breach and warned them not to engage with the fraudulent advertisements. In a statement released on their official channels, Trezor confirmed that they were investigating the breach and would be taking steps to prevent such incidents in the future.

The SIM-swap technique has become an increasingly common threat in the digital age, particularly within the cryptocurrency sector, where it can lead to direct financial loss. This incident serves as a reminder of the importance of robust security practices. Crypto users are encouraged to use hardware wallets like those provided by Trezor, but also to ensure that their security extends to all linked accounts and communication channels.

This event also underscores the ever-present need for continuous scrutiny by the crypto community to spot and report suspicious activities. Services like Scam Sniffer play a crucial role in protecting users by detecting and alerting them to potential threats.

The ramifications of the Trezor account breach extend beyond the immediate risk of the fake token sale. It highlights the broader implications for brand reputation and trust within the industry. As the investigation unfolds, Trezor will likely enhance their security protocols, and this event may prompt other companies within the space to reassess their own vulnerabilities.

In the aftermath of the breach, it is vital for users to stay vigilant and for companies to fortify their defenses against similar attacks. The crypto industry continues to grapple with the balance between accessibility and security, and incidents like these serve as stark reminders of the ongoing battle against cyber threats.

Exit mobile version