Trezor Explains Account Hack, Claims Your Funds Are Safe After Twitter Phishing Attack

Key Takeaways

• Trezor hack: Phishing, not SIM swap, behind compromised X account.
• Attackers impersonated a credible entity and tricked a team member into granting unauthorized access.
• Trezor says only social media is compromised and hardware wallets are safe.
• Trezor quickly removed fraudulent posts and took steps to prevent further unauthorized access.

Following CCN’s coverage of a security breach on Trezor’s official Twitter account, which led to the posting of fraudulent presale token announcements, SatoshiLabs, the company behind Trezor X, issued  a detailed explanation of the incident.

The breach was, at the time, suspected to be a SIM swap attack.

Trezor Reacts Quickly After X Account Hack, User Funds Safe

The situation began on March 19. On that date, blockchain investigator ZachXBT alerted  his 528,000 followers about a possible security breach at Trezor. Not long after, crypto security firm Scam Sniffer also detected and flagged  this suspicious activity.

SatoshiLabs reported  that they detected unauthorized access to their X account at 11:53 PM on Tuesday, March 19. It said this happened despite its robust security measures, such as strong passwords and two-factor authentication. The breach is believed to be a complex and premeditated phishing attack, which hackers prepared for several weeks.

The company said :

“We want to stress here that the security of all our products remains unaffected. This incident has in no way impacted or compromised the security of Trezor hardware wallets or any of our other products. Your Trezor device and Trezor Suite remain safe to use.”

SatoshiLabs has emphasized that they do not use SMS for two-factor authentication (2FA), opting instead for what they say are more secure authentication methods. Despite these precautions, attackers managed to make a series of unauthorized and misleading posts. These included requests for users to send funds to an unidentified wallet address, alongside harmful links sending users to a bogus token presale.

Once SatoshiLabs’ became aware of the breach, the deceptive posts were promptly identified and removed, limiting potential damage.

Fake Crypto Interview Leads to SatoshiLabs X Account Takeover

SatoshiLabs’ X account breach was traced back to a meticulously planned phishing attack, which took place over several weeks. Investigations reveal that, from February 29, 2024, attackers masqueraded as a reputable entity within the crypto community. They even had a convincing social media presence and took part in seemingly genuine conversations.

Posing as an X account with thousands of followers, the impersonator contacted SatoshiLabs’ PR team, proposing an interview with the CEO. They set up a meeting which, eventually, led to the sharing of a malicious link under the guise of a Calendl y invitation.

Upon clicking the link, a team member was directed to a page asking for X login details. This immediately raised red flags. Although they halted the initial interaction, the meeting was rescheduled. During this rescheduled meeting, the attacker, feigning technical difficulties, convinced the team member to “authorize” a connection for joining the call. This, essentially, linked the attacker’s Calendly app with SatoshiLabs’ X account. The unauthorized connection allowed the attacker to post fraudulent tweets on behalf of SatoshiLabs.

SatoshiLabs Shuts Down Hacked Account, Launches Security Audit

SatoshiLabs’ immediate response to the incident tried to minimize its impact. They quickly removed the offending posts and terminated all active sessions, including those associated with third-party applications, to halt any further unauthorized access. This swift action was critical in controlling the situation and preventing additional damage.

Following these initial steps, SatoshiLabs embarked on a thorough security audit aimed at investigating the breach in its entirety. The audit wants uncover how attackers were able to circumvent SatoshiLabs’ security protocols. The overall goal is to identify the specific methods the hackers used. It also wants to implement measures which could prevent similar incidents in the future.

About the Author

Teuta Franjkovic

Teuta is a seasoned writer and editor with more than 15 years of experience. She has expertise in covering macroeconomics and technology as well as the cryptocurrency and blockchain industries. She has worked for several publications as a journalist and editor, including Forbes, Bloomberg, CoinTelegraph, Coin Rivet, CoinSpeaker, VRWorld and Arcane Bear. Teuta began her professional career in 2005, working as a lifestyle writer at Cosmopolitan in Croatia. From there, she branched out to several other publications, covering mainly business and the economy. She then turned her attention to the world of cryptocurrency and blockchain, believing that crypto is among the most important inventions in the history of humanity. Her involvement in fintech began in 2014 and she has since lent her expertise in writing, editing and gathering information about the world of crypto, blockchain, NFTs and Web3. An all-round news hound, mentor, editor, and writer, Teuta enjoys teamwork and good communication. She holds a WSET2 diploma and has a thing for chablis, punkrock music and shoes. She also holds a double MA in Political science and Entrepreneurship.

See more

[email protected] LinkedIn Twitter