On March 19, Trezor’s X suffered a security breach that exposed the account’s 200,000 followers to a fake crypto presale. After the alarms were raised, most crypto users stayed vigilant while the hardware wallet company regained control.
Trezor’s team recently published a preliminary report addressing the concerns. The post also explained the elaborate phishing scam that bypassed the company’s security measures.
Is Trezor’s “Unwavering Security” Still Protecting Your Crypto?
After gaining control of the account, the hacker posted a fake presale address for a $TRZR token. Disguised as an “initiative” to help the Slerf community, the post offered a “separate bonus airdrop” from a website linked in the post that redirected to a wallet drainer.
After Trezor regained control of the account, X users expressed their worries about the incident and suggested that the hack was a “bad look” on the security-focused company. However, the company guaranteed that they had “robust security measures.”
We want to clarify that we do not make use of SMS for 2FA, and instead employ more secure methods of authentication.
The company finally addressed users’ concerns in a preliminary report. The hack is possible due to a “sophisticated phishing scam” instead of a lack of basic security measures.
The company is based on “unwavering security,” the post states; as such, all products and internal systems remain unaffected despite the breach.
Sophisticated Phishing Scam Steals Pocket Change
According to Trezor, the ongoing investigation has revealed that “the breach appears to have arisen from a sophisticated and calculated phishing attack that was in the works for weeks.”
The calculated scheme began on February 29 after the attacker posed for a “credible entity” from the crypto industry. At the time of writing, the identity of the impersonated figure was not revealed.
The attacker contacted Trezor’s PR team through X using a “well-crafted social media presence.” The seemingly genuine contact aimed to schedule an interview with the company’s CEO.
According to the report, the attacker and the team had a back-and-forth conversation over several days, which made the efforts to stage a call seem more credible. However, the call agreement led to the click of the link that granted access to Trezor’s X account.
The malicious link was disguised as a Calendly invite that, upon clicking, redirected a Trezor’s team member to a page requesting the X login credentials. The team rescheduled the call as the incident raised red flags.
During the rescheduled call, the attacker pretended to have technical issues and urged Trezor’s team member “to ‘authorize’ joining the call.” This authorization connected the hacker’s Calendly app with the company’s X account. As a result, the attacker gained access to the account and published the now-deleted posts.
he got a whopping 0.96 Solana as well pic.twitter.com/zqHjxM8EOI
— xc (@Theft) March 19, 2024
The hacker only stole $8,100 from the malicious link redirecting to the wallet drainer. Impressively, just 0.96 SOL (around $162,4 at writing time’s pricing) were sent to the fake presale address.
Undoubtedly, the attack was a calculated and elaborate scheme that aimed to become a big heist. However, the hacker’s attempt was halted by the crypto community surveillance and the suspicious nature of the unauthorized posts.