SatoshiLabs Trezor Twitter account hacked due to phishing

SatoshiLabs, the creator of Trezor hardware cryptocurrency wallets, on March 21 reported a phishing attack has caused unauthorized access to its Twitter social media account.

During the breach, the compromised Twitter account was manipulated to promote a fake $TRZR presale on the Solana blockchain, alongside a new Solana memecoin named Slerf, to lure investors into clicking a malicious link. This link was designed to drain assets and funds from the victims' wallets.

The breach was first reported on March 19 by ZachXBT, a blockchain and crypto security investigator, through a tweet to his 533,000 followers, warning them about the compromised state of Trezor's X account. Scam Sniffer, a crypto security firm, also identified the suspicious activities, advising crypto traders to exercise caution.

The company confirmed that this security incident is limited to their Twitter account and does not extedn to Trezor hardware wallets or Trezor Suite for crypto transactions and storage.

SatoshiLabs detailed in a Medium post that they detected unauthorized access to their Twitter account at 11:53 PM on March 19th. Despite having two-factor authentication (2FA) and strong passwords, the attackers were able to breach the account. SatoshiLabs quickly addressed the issue, reassuring that no other aspect of their product ecosystem was compromised.

SatoshiLabs also revealed that the phishing attack was not a spontaneous act but a calculated operation initiated on February 29, 2024. The attackers established a fake entity within the crypto community, engaging in genuine conversations to build a reputable presence. They then approached SatoshiLabs' PR team pretending to schedule an interview with the CEO via a malicious link disguised as a Calendly invitation. Although the initial attempt raised suspicion and was aborted, the attackers succeeded in a subsequent attempt by tricking the team into authorizing a call, which ultimately led to the breach.