Trezor Reveals Phishing, Not SIM Swap, as Cause of Compromised X Account
SatoshiLabs has disclosed that it suspects a sophisticated and premeditated phishing attack orchestrated by hackers over several weeks to be the cause of the compromise.
The company, renowned for designing and marketing Trezor crypto hardware wallets, has provided a detailed account of an incident resulting in the posting of fraudulent presale token announcements on its official X account.
Contrary to initial suspicions of a SIM-swap attack, SatoshiLabs has determined that the security breach was a result of a phishing attack.
It’s highlighted that the company doesn’t employ a mobile device for two-factor authentication, opting for alternative security measures.
Despite these precautions, unauthorized and misleading posts were made by attackers, including requests for users to send funds to an undisclosed wallet address alongside harmful links redirecting users to a bogus token presale site.
Blockchain analyst ZachXBT, with a following of 528,000 on X, alerted his audience to Trezor’s suspected breach in a March 19 X post.
SatoshiLabs’ official X account, which belongs to the hardware wallet manufacturer Trezor, was utilized to publish a series of posts guiding users to fraudulent presale token offerings.
The breach into SatoshiLabs’ X account was detected on March 19, with suspicions raised of a sophisticated and premeditated phishing attack orchestrated by hackers over several weeks.
Once the breach was identified, the deceptive posts were swiftly removed to minimize damage. SatoshiLabs emphasized that the security of its products, including Trezor hardware wallets, remains unaffected.
Investigations suggest that beginning on Feb. 29, the attackers assumed the identities of credible entities within the crypto sphere, maintaining a convincing social media presence and engaging in seemingly authentic discussions.
Under the guise of a reputable X account with a substantial following, the impersonator contacted SatoshiLabs’ public relations team, proposing an interview with the CEO. Subsequently, a meeting was arranged, during which the impersonator shared a malicious link disguised as a Calendly calendar invitation.
Upon clicking the calendar link, prompting for X login credentials, suspicions were raised. Although the meeting was rescheduled, the attacker managed to link their Calendly to SatoshiLabs’ X account in a subsequent session, under the pretense of facing technical issues.
Trezor previously experienced a security breach in January, exposing the contact information of nearly 66,000 users. The wallet maker, which has sold over two million hardware wallets since its inception in 2012, continues to investigate and reinforce its security measures.
You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.