SatoshiLabs, the company behind the popular Trezor crypto hardware wallets, has provided a detailed explanation of a recent incident involving fraudulent presale token announcements on its official X account. The company clarified that the breach was a result of a phishing attack, rather than a SIM-swap attack, which was initially suspected. SatoshiLabs highlighted that it does not utilize mobile devices for two-factor authentication, opting for an alternative method instead.
Despite taking necessary precautions, unauthorized individuals managed to make a series of misleading posts on the account. These posts included requests for users to send funds to an undisclosed wallet address, accompanied by harmful links redirecting users to a fake token presale site. The breach was brought to light by blockchain investigator ZachXBT, who alerted his 528,000 followers on X about Trezor’s suspected security breach.
SatoshiLabs revealed that it detected the unauthorized access to its X account on March 19 and now believes it to be a sophisticated phishing attack that had been planned by hackers over a period of several weeks. Once the breach was discovered, the deceptive posts were swiftly identified and removed, minimizing the impact. The company stated that investigations indicate the attackers posed as credible entities within the cryptocurrency community, maintaining a convincing social media presence to engage in seemingly authentic discussions.
Under the guise of an established X account with thousands of followers, the impersonator contacted SatoshiLabs’ public relations team, suggesting an interview with the CEO. Subsequently, a meeting was scheduled, during which the impersonator shared a malicious link disguised as a Calendly calendar invitation. This prompted a team member to provide their X login credentials, raising suspicions. However, the meeting was rescheduled, and in the subsequent session, the attacker successfully linked their Calendly to SatoshiLabs’ X account by feigning technical difficulties.
It is worth noting that Trezor experienced a security breach in January, which exposed the contact information of approximately 66,000 users. Since its launch in 2012, the wallet maker has sold over two million hardware wallets.