Trezor Clarifies Security Breach: Phishing Attack Identified as Cause of Compromised X Account

Jimmy Aki

SatoshiLabs, the company behind Trezor hardware crypto wallets, announced on March 21 that the recent compromise of its X (formerly Twitter) account resulted from a phishing scam and not a SIM-swap attack as earlier suspected.

The hardware wallet maker also said that only its X social media account was compromised and guaranteed the safety of all wallets for crypto transactions and storage.

Trezor Confirms No Trezor Account or Funds Were Compromised


Cryptonews recently reported the breach of Trezor’s X account when popular blockchain and crypto security investigator ZachXBT alerted his 533K followers about the compromise of the hardware wallet maker’s page.

Soon after, crypto security firm Scam Sniffer detected the suspicious activity and warned crypto traders to steer clear.

According to SatoshiLabs’ detailed report on Medium, the unauthorized access to its X account was identified at 11:53 PM on March 19. The attacker got past a series of security protocols, including two-factor authentication (2FA) and a strong password.

Nevertheless, the hardware wallet producer stated that all compromises had been resolved and that accounts in its ecosystem were safe.

“We want to stress here that the security of all our products remains unaffected,” SatoshiLabs said. “This incident has not impacted or compromised the security of Trezor hardware wallets or our other products. Your Trezor device and Trezor Suite remain safe.”

It is worth noting that during the breach the hardware wallet maker’s X account was used to promote a $TRZR presale on the Solana blockchain network, to deceive traders into sending funds to a Solana wallet.

The post also mentioned a new Solana memecoin named Slerf to attract more attention and directed crypto investors to click on a malicious link designed to connect to their wallets and drain all assets and funds stored in them. These posts were deleted shortly after.

Popular Web3 security investigator John Holmquist said the hardware wallet breach was due to neglecting to implement two-factor authentication (2FA).

This was off the mark, however, as SatoshiLabs highlighted that its X account had 2FA and other security measures active. It is still unknown whether there will be an investigation to identify the perpetrator(s).

Trezor Asserts Phishing Attack Was in the Works for Weeks


SatoshiLabs further stressed that the official X account breach was a complex and calculated phishing attack that had been in the works for weeks.

The company’s investigation revealed that the plan kicked off on February 29, 2024. The bad actors created a faux entity in the crypto sector that convinced members of crypto communities of its high reputation.

Although the entity’s name was left out of the report, it was noted that the bad actor participated in genuine crypto conversations to boost its media presence, grew its following to thousands, and reached out to SatoshiLabs’ PR team for an interview with the wallet firm’s CEO.

This led to a meeting being set up and a malicious link being shared under the guise of a Calendly invitation. The firm’s PR team member clicked the link and was directed to a page asking for X login details, which raised red flags and halted the initial plans for an interview. A reschedule was then suggested.

During the rescheduled meeting, the attacker notified Trezor’s team members of technical issues and urged them to grant a call authorization, which linked the attacker’s Calendly app with SatoshiLabs’ X account.

The breach then enabled the bad actors to promote fraudulent crypto and malicious links in the name of the hardware wallet maker. This is the activity ZachXBT detected and alerted his followers to.