VERDICT —OUT OF SCOPE
Root cause is infrastructure (DNS / cloud / database / third-party API) compromise, not on-chain contract logic. Pre-deployment source review would not surface this; coverage lives in cloud-security + supply-chain audit, separate discipline.
▰ METHOD
INFRASTRUCTURE
INFRASTRUCTURE
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Forensic narrative
Trezor, the manufacturer of encrypted hardware wallets, has announced that it is currently investigating a security incident that occurred on January 17, 2024. Unauthorized access was detected to the third-party support portal used by Trezor. No damage has been inflicted on customers' digital assets. Internal audits indicate that the exposure might be limited to information of customers who have interacted with Trezor Support since December 2021, encompassing only email and names/nicknames. Attack method (per SlowMist): Third-party Vulnerability. Reported loss: -.
Primary source
https://blog.trezor.io/trezor-security-update-stay-vigilant-against-potential-phishing-attack-bb05015a21f8 ↗Sourced from
slowmist
Technical record
- chain
- —
- protocol
- Trezor
- bug_class
- infrastructure
- date_occurred
- 2024-01-17
- loss_usd
- —
- source_id
- sm:trezor::2024-01-17
Related — same bug class· infrastructure