Vulnerabilities and security gaps in the computer systems of hardware wallet manufacturers have become the Achilles heel for these devices considered the safest for storing cryptocurrencies.
Users of the Trezor hardware wallet could be victims of phishing attacks due to a security vulnerability exploited last week.
SatoshiLabs, manufacturer of this hardware device, recently warned that its system had been penetrated by an unauthorized person, who managed to access the data of 66 thousand users of its database.
Although the company minimized the impact of the exploited security breach, indicating that the compromised data belongs to only “a small part” of its entire user base, these 66 thousand users who were exposed could be victims of phishing attacks in the future.
These types of attacks have become popular in the cryptocurrency market, potentially targeting investors and holders of these digital assets.
What happened to Trezor?
The report published by SatoshiLabs indicates that on January 17, an unauthorized party gained access to the third-party support ticket portal used by the company. Although the security incident did not compromise the cryptocurrencies and assets that users store on Trezor, the attacker did. obtained access to contact information of hardware wallet users, putting them at potential risk of a phishing attack.
Among the data that was exposed in the attack were the names and nicknames of users and their respective emails.
The company acknowledged that it is its responsibility to share information about the exploited vulnerability and warn users to “increase their vigilance and improve the security of their personal information.”
SatoshiLabs said that the 66 users who were affected by the security breach have been contacted by the company to warn them about the possibility of receiving phishing emails, which try to trick them into stealing their crypto assets.
“The potential exposure of email addresses can be harmful due to the fact that emails can be the target of phishing attempts. “So far, we have not observed any increase in phishing activity as a result of this security incident.”, the company noted.
Phishing in the crypto world
Phishing has become one of the most frequent cyber attack techniques in the crypto world. The objective of these attacks is clear: steal essential information from victims to steal their cryptocurrencies.
Through phishing, attackers can trick cryptocurrency users by impersonating a service or company, such as Trezor, to make users believe that they are accessing legitimate or authentic domains of these services or companies. However, it is a trap with which attackers seek to get their victims to share their personal information and private keys to access their wallets and crypto assets.
Typically, phishing attacks warn users about a suspected security risk and invite them to set up new passwords or download a fake version of the service, which has supposedly been updated to counter the risk. Users who fall into these traps and enter their access pins, private keys or recovery phrases could lose their entire cryptocurrency.
Security in the cryptocurrency ecosystem
Self-custody is essential in the world of crypto assets. Thanks to their inherent characteristics, cryptocurrencies allow their owners to store and maintain custody of their funds without the need for a third party. However, users should be very alert to protect their private data and not enter passwords or recovery phrases anywhere.
To date, Trezor has not been the only hardware wallet that has suffered a security breach that has exposed its users' data. Also, Ledger, considered the most secure physical wallet in the crypto world, has been a victim of this type of vulnerability, which has leaked the personal data of more than one million of the company's users.
In 2020, the company warned its users about a possible phishing campaign, after the personal data of its users was exposed in a violation of your marketing and e-commerce service. Even in 2021, a user warned that he had received a Fake Ledger hardware device, which had been altered, in order to trick you into stealing your cryptocurrencies once you set up your wallet.
Luckily, the user noticed several signs that exposed the scam attempt and indicated that he had only bought a Ledger to give it as a gift, so he did not actually own cryptocurrencies. This phishing attack was possible due to the security vulnerability that Ledger suffered a year earlier.
Similar situations have occurred with the physical wallet cold card and even with other entities not directly related to the world of cryptocurrencies, such as the internet domain company GoDaddy, the social platform Facebook, the network of professionals LinkedIn and even the United States government agencies, such as the Treasury Department and the Department of Commerce.
Bit2Me, focused on the security of its users
Currently, security errors and vulnerabilities in computer systems have become the Achilles heel of many companies that provide services on the Internet.
For this reason, Bit2Me highlights the importance of implementing strict cybersecurity measures to guarantee security in the digital ecosystem.
Bit2Me obtained accreditation ISO 27001, in November 2022, certifying itself as a company that meets the highest standards of security and transparency, to guarantee the protection and trust of its clients and investors.
A year later, in November 2023, Bit2Me was named in the report "The New Crypto Exchange Standards", from Cointelegraph Research, as one of the most trusted cryptocurrency exchange platforms in the world, earning a score of 8 out of 10 in the area of cybersecurity. With this, the company positions itself ahead of other well-known exchanges, such as Binance and Coinbase, as one of the most reliable and secure.
Continue reading: Brilliantcrypto, the trendy Web3 game in Japan, chooses Bit2Me as the first exchange for its global expansion
