Trezor says it’s phishing, not a SIM swap, but a hacked X account.
SatoshiLabs, a company that designs and markets Trezor crypto hardware wallets, has detailed an incident that led it to post fraudulent presale token ads on its official X account.
The company said the security breach was not a SIM swap attack it suspected at the time, but a phishing attack.
SatoshiLabs emphasizes that it does not use a mobile device for two-factor authentication, instead opting for more secure authentication methods.
Despite these precautions, attackers have made a series of unauthorized and misleading posts, including asking users to send funds to unknown wallet addresses alongside malicious links that have sent users to fake token presale sites.
Independent blockchain sleuth ZachXBT notified his 528,000 followers of the alleged Trezor breach on X in a March 19 X post.
Trezor, a hardware wallet manufacturer, has published a series of posts directing users to fraudulent pre-sale token offers.
Satoshi Labs announced on March 19 that it discovered unauthorized access to its X account. It now suspects that it is a sophisticated and deliberate phishing attack planned by hackers for several weeks.
Once SatoshiLabs discovered the breach, the fraudulent posts were immediately identified and removed, limiting damage. The company said:
“We would like to emphasize here that the security of all our products has not been affected. This incident has not affected or compromised the security of Trezor hardware wallets or any of our other products.”
As of February 29, research shows that the attackers are a trusted entity in the cryptosphere. They maintain a compelling social media presence and engage in seemingly authentic conversations.
RELATED: HECO Chain Exploit Hides $145M Ether In 8 Days On Tornado Cash
Posing as a well-established X account with thousands of followers, the importer contacted SatoshiLabs' PR team and suggested an interview with the CEO. Following this, a meeting is arranged, during which the importer shares a malicious link that looks like a calendar invitation.
A team member clicked on a calendar link and was asked to provide their X login credentials, raising suspicions. However, the meeting was postponed. In the next session – pretending to be experiencing technical issues – the attacker was able to link their calendar to SatoshiLabs' X account.
Trezor suffered a security breach in January that exposed the contact information of nearly 66,000 users. According to the company's website, the wallet maker launched in 2015. Since its launch in 2012, it has sold over two million hardware bags.
Magazine: $3.4B Bitcoin in a Popcorn Can – The Story of a Silk Road Hacker