A report by Trezor explains the elaborate phishing scam that bypassed the company’s security measures.
On March 19, Trezor’s X account suffered a security breach that exposed its 200,000 followers to a fake crypto pre-sale. After alarms were raised, most cryptocurrency users remained vigilant as the hardware wallet company regained control.
The Trezor team recently released a preliminary report addressing these concerns.
Is Trezor’s “Unbreakable Security” Still Protecting Its Users’ Cryptocurrencies?
After taking control of the account, the hacker posted a fake pre-sale address for a $TRZR token. Disguised as an “initiative” to help the Slerf community, the post offered a “separate bonus airdrop” from a website linked in the post that redirected to a wallet drain.
After Trezor regained control of the account, X users expressed concern about the incident and suggested that the hack was a “bad look” for the security-focused company. However, the company guaranteed that they had “robust security measures.”
The company finally addressed user concerns in a preliminary report. The hack is possible due to a “sophisticated phishing scam” rather than a lack of basic security measures. The company is built on “unwavering security,” the post states; As such, all internal products and systems are unaffected despite the breach.
Trezor has highlighted that the security of all their products “remains unaffected,” and that the incident “has in no way impacted or compromised the security of Trezor hardware wallets or any of [their] other products.”
Sophisticated Phishing Scam Steals Pocket Change
According to Trezor, the ongoing investigation has revealed that “the breach appears to have arisen from a sophisticated and calculated phishing attack that was in the works for weeks.” The calculated scheme began on February 29 after the attacker posed as a “credible entity” from the crypto industry.
So far, the identity of the impersonated figure was not revealed. The attacker contacted Trezor’s PR team through X using a “well-crafted social media presence.” The seemingly genuine contact was aimed at scheduling an interview with the company’s CEO.
According to the report, the attacker and the team had a back-and-forth conversation for several days, making efforts to make a call seem more credible. However, the call agreement led to clicking on the link granting access to Trezor’s X account. The malicious link was disguised as a Calendly invitation that, when clicked, redirected a Trezor team member to a page requesting X login credentials.
The team rescheduled the call when the incident raised red flags. During the rescheduled call, the attacker pretended to have technical issues and urged the Trezor team member to “allow” to join the call. This authorization connected the hacker’s Calendly app to the company’s X account. As a result, the attacker gained access to the account and posted the now-deleted posts.
The hacker only stole $8,100 from the malicious link that redirects to the wallet drain. Surprisingly, only 0.96 SOL (around $162.4) was sent to the fake pre-sale address. Without a doubt, the attack was a calculated and elaborate plan that was intended to become a major robbery. However, the hacker’s attempt was stopped by the vigilance of the crypto community and the suspicious nature of the unauthorized posts.
Trezor claims to have put in place “stringent security protocols, including strong passwords and two-factor authentication.” They further emphasized their commitment to continue the implementation of “enhanced security protocols” for all their external communications channels.
By Audy Castaneda
