SatoshiLabs, the company behind the Trezor crypto hardware wallet, has provided a detailed account of the events leading to a fraudulent pre-sale token announcement on its official X account. Contrary to initial suspicions of a SIM swapping attack, SatoshiLabs attributes the security breach to a phishing attack.
Emphasizing their commitment to robust security measures, SatoshiLabs clarified that they do not rely on mobile devices for two-factor authentication, opting instead for more secure authentication methods. Despite these precautions, unauthorized and misleading posts, including requests for fund transfers to unidentified wallet addresses, were published by the attackers on the official X account.
Independent blockchain analyst ZachXBT raised awareness of Trezor's alleged breach in a post on X, informing his significant following about the incident. SatoshiLabs promptly identified and removed the deceptive posts upon detecting unauthorized access to their X account on March 19. The company suspects the attack was a sophisticated and premeditated phishing scheme orchestrated by hackers over several weeks.
Assuring users of the integrity of their products, SatoshiLabs stated that the incident did not compromise the security of the Trezor hardware wallet or any other products. The swift removal of deceptive posts mitigated potential damages, affirming SatoshiLabs' commitment to user security.
The investigation revealed that the attackers impersonated trusted entities within the cryptocurrency space, maintaining a convincing social media presence. They engaged in discussions that appeared genuine, ultimately gaining access to SatoshiLabs' X account through a sophisticated phishing attempt disguised as a calendar invitation.
Earlier in January, Trezor experienced a security breach that exposed the contact information of approximately 66,000 users. Despite these challenges, the company remains steadfast in its commitment to user security, having sold over 2 million hardware wallets since its inception in 2012, as indicated on their website.
