Trezor X Account Hit by Phishing Attack, Not SIM Swap

Trezor, the hardware wallet provider, has clarified that a phishing attack, not a SIM swap, compromised its official Twitter account, leading to fraudulent token presale announcements. Despite robust security measures, attackers gained access to the account, posting malicious links and requesting funds. Trezor emphasizes that the security of its hardware wallets remains unaffected and has taken steps to mitigate further damage.

SatoshiLabs Details Trezor X Account Phishing Attack

SatoshiLabs, the manufacturer of Trezor crypto hardware wallets, has provided a comprehensive account of an incident involving fraudulent token presale announcements posted on its official Twitter account.

Phishing Attack, Not SIM Swap

The company clarified that the security breach was attributed to a phishing attack, contrary to its initial suspicion of a SIM-swap attack. SatoshiLabs emphasized that it does not employ mobile devices for two-factor authentication, utilizing more secure methods instead.

Unauthorized Posts and Harmful Links

Despite these safeguards, attackers managed to post a series of unauthorized and misleading tweets, soliciting funds from users to an unidentified wallet address. Additionally, harmful links were included, redirecting users to a bogus token presale website.

Blockchain Sleuth's Notification

Independent blockchain sleuth ZachXBT alerted his 528,000 Twitter followers of Trezor's suspected breach on March 19th.

Unauthorized Access to Twitter Account

SatoshiLabs confirmed unauthorized entry into its Twitter account on March 19th. Investigations revealed a sophisticated and premeditated phishing attack orchestrated by hackers over several weeks.

Prompt Removal of Deceptive Posts

Upon discovering the breach, SatoshiLabs swiftly identified and removed the deceptive posts, mitigating potential damage. The company stated: "We want to stress here that the security of all our products remains unaffected. This incident has in no way impacted or compromised the security of Trezor hardware wallets or any of our other products."

Attackers' Sophisticated Tactics

Investigations indicated that the attackers posed as reputable entities in the cryptocurrency community starting on February 29th. They maintained a credible social media presence and engaged in seemingly genuine discussions.

Impersonation and Malicious Link

Impersonating a well-established Twitter account with thousands of followers, the attacker contacted SatoshiLabs' public relations team, proposing an interview with the CEO. A meeting was subsequently scheduled, during which the impersonator shared a malicious link disguised as a Calendly calendar invitation.

Compromised Login Credentials

Clicking the calendar link prompted a team member to enter their Twitter login credentials, raising suspicion. However, the meeting was rescheduled. In the next session, the attacker, feigning technical difficulties, successfully linked their Calendly account to SatoshiLabs' Twitter account.

Previous Security Breach

In January, Trezor experienced a security breach that exposed the contact information of approximately 66,000 users. According to the company's website, it has sold over two million hardware wallets since its inception in 2012.

Conclusion

SatoshiLabs' detailed account of the phishing attack highlights the importance of vigilance in cybersecurity. The company's emphasis on secure authentication methods and prompt response to the breach underscore its commitment to safeguarding its users' assets.