Trezor says phishing, not SIM swap, compromised X account
SatoshiLabs, the company behind Trezor X, has issued a detailed explanation of an incident that led to the posting of fraudulent presale token announcements on its official X account.
The company said it was a phishing attack that caused the security breach and not a SIM swap attack, which was suspected at the time.
SatoshiLabs emphasized that they do not use SMS for two-factor authentication (2FA), opting for more secure authentication methods.
Despite these precautions, attackers made a series of unauthorized and misleading posts. These included requests for users to send funds to an unidentified wallet address alongside harmful links, sending users to a bogus token presale.
Independent blockchain sleuth ZachXBT notified his 528,000 followers of Trezor’s suspected breach in a March 19 post on X.
The official X account of hardware wallet manufacturer Trezor published a series of nefarious posts pointing to fraudulent presale token offerings.

SatoshiLabs disclosed that they detected unauthorized entry into their X account on March 19. It is suspected to be a sophisticated and premeditated phishing attack planned by hackers over several weeks.
Once SatoshiLabs became aware of the breach, the deceptive posts were promptly identified and removed, limiting potential damage. The company said:
“We want to stress here that the security of all our products remains unaffected. This incident has in no way impacted or compromised the security of Trezor hardware wallets or any of our other products.”
The breach of SatoshiLabs’ X account stemmed from an elaborate phishing scheme executed over several weeks. Investigations indicate that starting on Feb. 29, the attackers posed as a credible entity in the cryptosphere. They maintained a convincing social media presence and engaged in seemingly authentic discussions.
Under the guise of a well-established X account with thousands of followers, the impersonator contacted SatoshiLabs’ PR team, suggesting an interview with the CEO. Following this, a meeting was arranged, during which the impersonator shared a malicious link disguised as a Calendly calendar invitation.
On clicking the calendar link, a team member was prompted for their X login credentials, which raised suspicion. However, the meeting was rescheduled. In the next session, feigning technical issues, the attacker succeeded in linking their Calendly to SatoshiLabs’ X account.
Trezor suffered a security breach in January that exposed the contact information of nearly 66,000 users. According to the firm’s website, the wallet maker has sold over two million hardware wallets since it launched in 2012.