Trezor, the company that designs and markets crypto hardware wallets, released a detailed statement regarding an incident that led to the publication of fraudulent pre-sale token announcements on its official X account. The company stated that the security breach stemmed from a phishing attack, not the SIM swap attack it initially suspected. SatoshiLabs emphasized that it does not use a mobile device for two-factor authentication, preferring instead to use f’.
Trezor’s X Account Compromised
Despite the precautions taken by the team, attackers made a series of unauthorized and misleading shares, including malicious links that directed users to a fake token pre-sale site and requests to send money to an unidentified wallet address. Independent blockchain detective ZachXBT alerted his 528,000 followers to Trezor’s suspicious breach in a post dated March 19.
The official X account of hardware wallet manufacturer Trezor published a series of posts directing users to fake pre-sale token offers. SatoshiLabs announced on March 19 that unauthorized access had been made to the X account. It is now suspected that this was a sophisticated and pre-planned phishing attack orchestrated by hackers over several weeks.
SatoshiLabs immediately identified and removed the deceptive posts when the breach was discovered, limiting the damage. The company stated the following:
“We want to emphasize that the security of all our products has not been compromised. This incident has not affected or endangered the security of Trezor hardware wallets or any of our other products in any way.”
Key Details on the Trezor Incident
Investigations show that since February 29, attackers behaved like trusted assets in the crypto market. They maintained a convincing social media presence and appeared to engage in genuine discussions. Under the guise of an established X account with thousands of followers, the impersonator SatoshiLabs’ PR team was contacted and proposed an interview with the CEO. Subsequently, a meeting was arranged where the impersonator shared a malicious link disguised as a Calendly calendar invitation.
Suspicion was aroused when a team member who clicked on the calendar link was asked for X login details. However, the meeting was rescheduled. In the next session, the attacker, pretending to face technical issues, managed to connect to SatoshiLabs’ X account. Trezor experienced a security breach in January that exposed the contact information of about 66,000 users. According to the company’s website, the wallet manufacturer has sold over two million hardware wallets since its launch in 2012.
