Crypto News– SatoshiLabs, the company behind Trezor crypto hardware wallets, has provided a detailed account of an incident involving the posting of fraudulent presale token announcements on its official account, X.
Trezor attributes the compromise of Account X to phishing rather than SIM swap
The company clarified that the security breach resulted from a phishing attack, contrary to initial suspicions of a SIM-swap attack.
Emphasizing their reliance on more secure authentication methods instead of mobile-based two-factor authentication, SatoshiLabs outlined the measures they employ.
Despite these precautions, unauthorized and misleading posts were made by attackers, urging users to transfer funds to an unidentified wallet address along with harmful links redirecting to a fake token presale site.
Independent blockchain investigator ZachXBT alerted his 528,000 followers about Trezor’s suspected breach in a post on X on March 19.
🚨Update on our X account security incident🚨
— Trezor (@Trezor) March 21, 2024
Earlier this week, we experienced a breach of our X account due to a sophisticated phishing attack.
Immediate actions were taken to secure our account & no product security was compromised.
For more,
👉 https://t.co/ZZOHSNtI9u
Trezor’s official account, X, was used to disseminate posts promoting fraudulent presale token offerings. SatoshiLabs confirmed unauthorized access to its X account on March 19, suspecting a sophisticated phishing attack orchestrated by hackers over several weeks.
The impersonator, posing as the legitimate X account holder with thousands of followers, reached out to SatoshiLabs‘ public relations team proposing an interview with the CEO. During a subsequent meeting, the impersonator shared a malicious link disguised as a Calendly calendar invitation.
Upon clicking the link, a team member was prompted to provide their X login credentials, raising suspicion. Although the meeting was rescheduled, the attacker, feigning technical difficulties, managed to link their Calendly to SatoshiLabs’ X account in the next session.
Trezor experienced a security breach in January, exposing the contact details of nearly 66,000 users. According to the company’s website, over two million hardware wallets have been sold since its launch in 2012.
Leave a comment