Home / News / Business / Trezor Explains Account Hack, Claims Your Funds Are Safe After Twitter Phishing Attack
5 min read

Trezor Explains Account Hack, Claims Your Funds Are Safe After Twitter Phishing Attack

Published March 22, 2024 8:34 AM
Teuta Franjkovic
Published March 22, 2024 8:34 AM
By Teuta Franjkovic
Verified by Peter Henn

Key Takeaways

  • Trezor hack: Phishing, not SIM swap, behind compromised X account.
  • Attackers impersonated a credible entity and tricked a team member into granting unauthorized access.
  • Trezor says only social media is compromised and hardware wallets are safe.
  • Trezor quickly removed fraudulent posts and took steps to prevent further unauthorized access.

Following CCN’s coverage of a security breach on Trezor’s official Twitter account, which led to the posting of fraudulent presale token announcements, SatoshiLabs, the company behind Trezor X, issued  a detailed explanation of the incident.

The breach was, at the time, suspected to be a SIM swap attack.

Trezor Reacts Quickly After X Account Hack, User Funds Safe

The situation began on March 19. On that date, blockchain investigator ZachXBT alerted  his 528,000 followers about a possible security breach at Trezor. Not long after, crypto security firm Scam Sniffer also detected and flagged  this suspicious activity.

SatoshiLabs reported  that they detected unauthorized access to their X account at 11:53 PM on Tuesday, March 19. It said this happened despite its robust security measures, such as strong passwords and two-factor authentication. The breach is believed to be a complex and premeditated phishing attack, which hackers prepared for several weeks.

The company said :

“We want to stress here that the security of all our products remains unaffected. This incident has in no way impacted or compromised the security of Trezor hardware wallets or any of our other products. Your Trezor device and Trezor Suite remain safe to use.”

SatoshiLabs has emphasized that they do not use SMS for two-factor authentication (2FA), opting instead for what they say are more secure authentication methods. Despite these precautions, attackers managed to make a series of unauthorized and misleading posts. These included requests for users to send funds to an unidentified wallet address, alongside harmful links sending users to a bogus token presale.

Once SatoshiLabs’ became aware of the breach, the deceptive posts were promptly identified and removed, limiting potential damage.

Fake Crypto Interview Leads to SatoshiLabs X Account Takeover

SatoshiLabs’ X account breach was traced back to a meticulously planned phishing attack, which took place over several weeks. Investigations reveal that, from February 29, 2024, attackers masqueraded as a reputable entity within the crypto community. They even had a convincing social media presence and took part in seemingly genuine conversations.

Posing as an X account with thousands of followers, the impersonator contacted SatoshiLabs’ PR team, proposing an interview with the CEO. They set up a meeting which, eventually, led to the sharing of a malicious link under the guise of a Calendl y invitation.

Upon clicking the link, a team member was directed to a page asking for X login details. This immediately raised red flags. Although they halted the initial interaction, the meeting was rescheduled. During this rescheduled meeting, the attacker, feigning technical difficulties, convinced the team member to “authorize” a connection for joining the call. This, essentially, linked the attacker’s Calendly app with SatoshiLabs’ X account. The unauthorized connection allowed the attacker to post fraudulent tweets on behalf of SatoshiLabs.

SatoshiLabs Shuts Down Hacked Account, Launches Security Audit

SatoshiLabs’ immediate response to the incident tried to minimize its impact. They quickly removed the offending posts and terminated all active sessions, including those associated with third-party applications, to halt any further unauthorized access. This swift action was critical in controlling the situation and preventing additional damage.

Following these initial steps, SatoshiLabs embarked on a thorough security audit aimed at investigating the breach in its entirety. The audit wants uncover how attackers were able to circumvent SatoshiLabs’ security protocols. The overall goal is to identify the specific methods the hackers used. It also wants to implement measures which could prevent similar incidents in the future.

Since its founding in 2013, Trezor has established itself as the world’s first hardware wallet. Despite the recent security incident involving an external social account, Trezor wanted to reassure users the security integrity of all its products and internal systems remains uncompromised and as robust as ever.

The company stated that the breach of the social media account  did not, in any way, undermine the security of Trezor wallets. These, Trezor claims, are meticulously designed to safeguard digital assets offline, away from online threats.

However, according to Trezor, the sophisticated nature of the hack, which unfolded over several weeks, has prompted an ongoing review and enhancement of security measures for all external communication channels to prevent future incidents.

Was this Article helpful? Yes No