Trust Wallet discloses Jan. 17 third-party breach


Trust Wallet discloses Jan. 17 third-party breach

Hackers attacked a Binance-backed Trust Wallet on Jan. 17 but failed to compromise any meaningful customer data thanks to the provider’s quick reaction.

In a Jan. 29 X post, Trust Wallet disclosed a security breach suffered by its third-party customer support service. The issue was discovered during a routine security check and swiftly addressed so no user funds were lost.

Private keys or seed phrases were not stolen, and the attackers only managed to briefly interact with a filing system maintained between Trust Wallet and its customer service firm.

The unauthorized access was limited to the names/nicknames and email addresses used to file a support ticket with us via the third-party system. The inner contents of tickets were not accessed.

Trust Wallet X post

Hey Trust Wallet Customer Support Users,

On January 17, 2024, the third-party customer support service we use experienced a security breach.

Firstly, no user funds were at risk from the breach. We swiftly contained and mitigated the issue, found during a routine security check.…

— Trust Wallet (@TrustWallet) January 29, 2024

You might also like: Scammers drained nearly $300m in 2023, data shows

The statement pointed to phishing scammers as the culprits. Phishers mimic a business or service, presenting users with a malicious copy of the original platform. The aim is usually to gain access to sensitive information and ultimately steal funds from unsuspecting victims.

A deluge of phishing campaigns has already been launched against crypto-native entities in the year’s first month. Users of Trezor, a hardware wallet maker, were exposed to phishing emails that left over 66,000 customers vulnerable. The phishers disguised themselves as Trezor team members, seeking to obtain wallet credentials solely known by individual users.

Around the same time, a crypto researcher discovered over $4.2 million in Ether-related (ETH) cryptocurrencies stolen using an operations code. The malware created new addresses and redirected funds to these wallets after each signature, leaving the victim to think they were signing genuine transactions.

Coingecko, Cointelegraph, De.Fi, Token Terminal, and WalletConnect to name a few are some other platforms caught in the ongoing siege of crypto phishers. These scammers are also reportedly moonlighting as crypto journalists, spreading fake Calendly links via social media.


Leave A Reply

Your email address will not be published.