Trezor Suffers Major Ransomware Attack; 74,000 Devices Compromised with Malicious Firmware

Summary

Trezor, a leading cryptocurrency hardware wallet provider, disclosed a critical ransomware attack on its server infrastructure that occurred on March 10, 2026. Threat actors gained unauthorized access and installed ransomware that compromised the firmware distribution systems, resulting in approximately 74,000 devices receiving malicious firmware updates. The compromised firmware contained vulnerabilities that enabled unauthorized access to user wallets, with confirmed reports of approximately 3,800 users experiencing unauthorized transactions.

In response, Trezor has released Security Patch 2.6.4, an emergency firmware update designed to remove malicious code, restore device security to factory specifications, and implement enhanced safeguards including improved cryptographic verification and transaction monitoring. The company has also completely rebuilt its server infrastructure with enhanced security measures and is working with cybersecurity experts and law enforcement to investigate the incident.

Trezor is establishing a compensation program for affected users and has implemented additional security measures including enhanced audits and a bug bounty program. The company has urged all users to immediately install the security patch, review their transaction history for unauthorized activity, and consider generating new recovery seeds and wallets for maximum security going forward.

• Trezor is rebuilding infrastructure, establishing a compensation program, and implementing enhanced security audits and bug bounty programs
• Users are advised to immediately update firmware, review transaction history, and consider creating new wallets for maximum security