Phishing: The Root of Compromised X Account

SatoshiLabs, the company behind Trezor, has provided a detailed explanation of an incident in which fraudulent presale token announcements were posted on its official X account. The company explained that the breach was the result of a phishing attack, not a SIM swap attack as previously suspected. SatoshiLabs emphasized that it does not use SMS for two-factor authentication (2FA) and instead employs more secure authentication methods. Despite these precautions, attackers were able to make unauthorized and misleading posts on the X account. These posts included requests for users to send funds to an unknown wallet address, along with harmful links that directed users to a fake token presale.

An independent blockchain investigator named ZachXBT informed his 528,000 followers on X about a potential breach of Trezor's account on March 19. The official X account of Trezor, a hardware wallet manufacturer, had published a series of malicious posts that promoted fraudulent presale token offerings. SatoshiLabs discovered unauthorized access to its X account on the same day, suspecting a sophisticated phishing attack planned by hackers over several weeks. Once SatoshiLabs became aware of the breach, it quickly identified and removed the deceptive posts to minimize potential harm. The company made it clear that the security of its products, including Trezor hardware wallets, had not been compromised.

The breach of SatoshiLabs’ X account was the result of an intricate phishing scheme carried out over a few weeks. Investigations revealed that the attackers impersonated a credible entity in the cryptocurrency community and created a convincing social media presence. They engaged in authentic discussions to appear legitimate. Under the guise of an established X account with a large number of followers, the impersonator contacted SatoshiLabs’ PR team to suggest an interview with the CEO. During this process, a malicious link disguised as a Calendly calendar invitation was shared. When a team member clicked on this link, they were prompted for their X login credentials, raising suspicions. The meeting was then rescheduled. In the subsequent session, the attacker successfully linked their Calendly account to SatoshiLabs’ X account by feigning technical issues.

It’s worth noting that Trezor had experienced a security breach in January that exposed the contact information of almost 66,000 users. As stated on their website, the wallet manufacturer has sold more than two million hardware wallets since its launch in 2012.

Beckie Dunkelberger
