Update: Concerns about recent X (Twitter) account breach addressed | Posted by SatoshiLabs | March 2024

Despite the strong security measures recommended by the platform, including the use of strong passwords and two-factor authentication (2FA), our X account (https://twitter.com/Trezor) was compromised on the evening of Tuesday, March 19th (we want to clarify that we do not use SMS for 2FA, but instead use more secure authentication methods). The attackers published a series of unauthorized and misleading posts, including malicious links to fraudulent token pre-sales and requests for users to send funds to unknown wallet addresses.

We were notified of the infringement at around 11:53 p.m., and the false posts were quickly identified and deleted immediately after they appeared, mitigating the extent of the damage.

  • The X account compromise was revealed to be a sophisticated phishing attack planned over several weeks.
  • Through our investigation, we learned that the attackers engaged in a calculated plan that began on February 29, 2024. The scheme masqueraded as a trusted entity in the cryptocurrency world with a well-established social media presence and a seemingly genuine interest in the conversation.
  • An impersonator using the handle X with thousands of followers approached our PR team through
  • Over several days, the conversation progressed through trustworthy back-and-forth communication.
  • This set the stage for a call that led to the sharing of a malicious link disguised as a Calendly invitation.
  • As soon as our team member clicked the link, he was redirected to a page asking for X login credentials. This was a red flag that triggered immediate suspicion and cessation of interaction.
  • The meeting schedule has been changed.
  • During the meeting, the attacker feigned technical difficulties and urged our team member to ‘approve’ joining the call. However, the approval prompt was to associate the attackers’ Calendly app with our X account. In an emergency situation, a member of our team confirmed the connection. The violation was traced to X’s authentication logs.
  • Since the Calendly app was owned by the attackers, they were able to send fraudulent tweets on our behalf.
  • Our initial focus was to mitigate the impact of the incident.
  • We quickly removed unauthorized posts and canceled all active sessions, including those from third-party apps, to prevent further unauthorized access.
  • We have also launched a comprehensive security audit to fully investigate the breach, with a focus on identifying the methods attackers used to circumvent our security measures.
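
The compromise described above hinged on a third-party app that carried a familiar name but belonged to the attackers and held posting rights. The following is an added example, not part of the original post or Trezor's tooling: it audits a list of app grants against a team allowlist. The export format, the allowlist and all client IDs are constructed assumptions; the scope names follow the X API v2 OAuth 2.0 naming (`tweet.write` and similar).

```python
import json

# Assumption: the team keeps an allowlist of app display name -> verified client ID.
VERIFIED_APPS = {"calendly": "client-verified-0001", "buffer": "client-verified-0002"}

# Constructed sample export of third-party app grants on the account (not real data).
SAMPLE_GRANTS = json.loads("""
[
 {"app_name": "Calendly", "client_id": "client-verified-0001",
  "scopes": ["users.read"], "granted_at": "2024-01-01T09:00:00Z"},
 {"app_name": "Calendly", "client_id": "client-unknown-9f3a",
  "scopes": ["tweet.read", "tweet.write", "users.read", "offline.access"],
  "granted_at": "2024-01-02T09:00:00Z"},
 {"app_name": "Some Analytics", "client_id": "client-unknown-77b1",
  "scopes": ["tweet.read"], "granted_at": "2024-01-03T09:00:00Z"}
]
""")

def can_post(scopes):
    """True if any granted scope lets the app act as the account ('*.write' scopes)."""
    return any(s.endswith(".write") for s in scopes)

def audit_grants(grants, verified=VERIFIED_APPS):
    """Return findings for grants that are not a verified (name, client ID) pair."""
    findings = []
    for g in grants:
        expected_id = verified.get(g["app_name"].strip().casefold())
        if expected_id == g["client_id"]:
            continue  # verified name/ID pair, nothing to report
        if expected_id is not None:
            reason = "display name matches a verified app but client ID differs"
        else:
            reason = "app is not on the allowlist"
        # Write access is what allows an app to post on the account's behalf.
        verdict = "revoke" if can_post(g["scopes"]) else "review"
        findings.append({"app": g["app_name"], "client_id": g["client_id"],
                         "verdict": verdict, "reason": reason,
                         "granted_at": g["granted_at"]})
    # Most urgent findings first.
    return sorted(findings, key=lambda f: f["verdict"] != "revoke")

if __name__ == "__main__":
    for f in audit_grants(SAMPLE_GRANTS):
        print(f"{f['verdict'].upper():7} {f['app']} ({f['client_id']}): {f['reason']}")
```

The display name alone never clears an app; only the name and client ID together do, which is the check a look-alike "Calendly" grant fails.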

Trezor, the world’s pioneering hardware wallet, has been serving the Bitcoin and cryptocurrency space since 2013. We want to make sure that unwavering security is at the core of what we’ve built over the years. In light of recent events, it is important for you to understand that the security of all our products and internal systems remains intact.

We know there are some concerns. However, the breach of the X account should not reflect on the integrity of the product. Here’s why:

  • The Trezor wallet is designed to keep your digital assets offline and safe from online vulnerabilities.
  • Our security architecture ensures that critical operations, such as signing transactions, take place within the security of your Trezor device and your private keys are never exposed.
  • Trust in our products is built on rigorous, industry-leading security practices that include regular audits and ongoing testing.
  • That’s why we’ve chosen to keep our software and hardware open source and public, ready for any kind of testing if needed.

This has helped us earn the trust of over 1.5 million customers worldwide.

  • What steps are being taken to protect Trezor’s social accounts?

We have always exercised the utmost care across all communication channels. Even before this incident, we had strict security protocols in place, including strong passwords and two-factor authentication. The investigation revealed the sophisticated nature of the attack, which lasted several weeks. Going forward, we will continue to implement enhanced security protocols for all external communication channels.

  • Could such a breach affect the security of my Trezor wallet?

No. Your funds remain safe. However, as always, incidents like this serve as a reminder to exercise caution when dealing with unauthorized links. When recovering, do not enter the recovery seed anywhere except on your Trezor device. Additionally, Trezor representatives will never seek recovery seeds through email, customer support, website, or any other form of communication under any circumstances. And there are absolutely no plans for any kind of token sale.

  • Will this incident affect how Trezor interacts with third-party applications going forward?

Unfortunately, in a global business environment, collaboration with third-party platforms (in this case X) is still essential, but it also comes with inherent challenges. We continue to reevaluate our security protocols related to third-party apps.
