Key points of the news:
- Trezor’s official Twitter account, known as X, was compromised in a sophisticated phishing attack.
- Despite security measures, the attackers managed to publish fraudulent messages requesting funds and links to fake token sales.
- SatoshiLabs, the company behind Trezor, assures that the safety of its products was not compromised and is conducting a thorough investigation into the incident.
The company SatoshiLabs, maker of the popular Trezor hardware wallets, has revealed that its official X account, formerly known as Trezor X, was the victim of a sophisticated phishing attack.
🚨Update on our X account security incident🚨
Earlier this week, we experienced a breach of our X account due to a sophisticated phishing attack.
Immediate actions were taken to secure our account & no product security was compromised.
For more,
👉 https://t.co/ZZOHSNtI9u— Trezor (@Trezor) March 21, 2024
Despite having rigorous security measures in place, including strong passwords and two-factor authentication, the attackers managed to compromise the account and post fraudulent messages.
According to the preliminary report provided by SatoshiLabs, the attackers began their operation weeks before the incident, presenting themselves as a credible entity within the crypto space.
Using compelling social media management and engaging in genuine conversations, they managed to establish contact with the SatoshiLabs PR team.
The culmination of the attack in Trezor occurred during an alleged scheduled interview with the company’s CEO
During this call, the attackers shared a malicious link disguised as a Calendly invitation.
When a team member clicked the link, they were prompted to enter X’s login credentials, which raised immediate suspicion and led to the cessation of the interaction.
Despite the attackers attempts to restart the call and gain access to SatoshiLabs X account, the company detected the unauthorized activity and quickly removed the fraudulent messages.
Moreover, in an effort to bolster security measures, all active sessions, including those initiated by third-party applications, were promptly revoked as a precautionary step against further unauthorized access.
SatoshiLabs emphasizes that the security of its products, including Trezor and Trezor Suite hardware wallets, was not compromised in this incident.
The company has launched a thorough investigation to identify the methods used by attackers and further strengthen its security measures.
The attack on X’s account highlights the importance of constant vigilance and taking proactive security measures in the digital environment, even for companies with established reputations in the crypto space.