SatoshiLabs, the company behind the popular Trezor crypto hardware wallets, has provided a detailed account of a recent incident involving fraudulent presale token announcements on its official X account. The company clarified that the breach was a result of a phishing attack, not a SIM-swap attack as initially suspected.
SatoshiLabs made it clear that they do not use mobile devices for two-factor authentication, opting for an alternative method instead. However, despite these precautions, unauthorized individuals managed to make misleading posts on their official account. These posts included requests for users to send funds to an unknown wallet address along with harmful links that redirected users to a fake token presale site.
ZachXBT, an independent blockchain investigator, alerted his 528,000 followers on X about the suspected breach in a post on March 19th. The official X account of Trezor, a hardware wallet manufacturer, published a series of posts promoting fraudulent presale token offerings.
SatoshiLabs revealed that they detected unauthorized access to their X account on March 19th. They now believe that this was a well-planned and sophisticated phishing attack orchestrated by hackers over several weeks.
Once the breach was discovered, SatoshiLabs promptly identified and removed the deceptive posts, minimizing the potential damage. The company stated that investigations revealed the attackers posed as credible entities in the crypto community, maintaining a convincing presence on social media and engaging in seemingly authentic discussions.
Under the guise of an established X account with numerous followers, the impersonator contacted SatoshiLabs’ public relations team, proposing an interview with the CEO. This led to a scheduled meeting where the impersonator shared a malicious link disguised as a Calendly calendar invitation.
During the meeting, a team member was prompted to provide their X login credentials by clicking the calendar link, raising suspicions. However, the meeting was rescheduled. In the subsequent session, the attacker, pretending to face technical difficulties, managed to link their Calendly account to SatoshiLabs’ X account.
It’s worth noting that Trezor experienced a security breach in January, which resulted in the exposure of contact information for nearly 66,000 users. According to the company’s website, they have sold over two million hardware wallets since their launch in 2012.
Magazine: The Silk Road hacker’s story – $3.4B worth of Bitcoin stored in a popcorn tin.