The official X account of Trezor, a renowned hardware wallet manufacturer, fell victim to a devastating compromise, likely organized through a SIM swap attack.
The breach resulted in fraudulent messages flooding the platform, promoting fake token sales and wallet scams.
Trezor Account Breach
The alarm was first raised by ZachXBT, an anonymous on-chain sleuth, who, on March 19, alerted users to the suspected breach.
Posts emanating from Trezor’s compromised account propagated a fictitious “$TRZR” token presale supposedly on the Solana network. Users were duped into sending funds to a malicious Solana wallet address, falling prey to the fraudulent scheme.
Community alert: Trezor X/Twitter account is currently compromised pic.twitter.com/hNm2OUjEgE
— ZachXBT (@zachxbt) March 19, 2024
Within minutes of the suspicious activity, Crypto security service Scam Sniffer also flagged the account’s behavior. Several posts touted the fake “$TRZR” presale token alongside requests for fund transfers to a Solana wallet address. Links included in these posts directed unwitting users to wallet-draining scams.
Furthermore, ZachXBT revealed that the hacker managed to siphon off approximately $8,100 from Trezor’s Zapper account.
“Imagine hacking the Trezor account only to steal $8.1K,” ZachXBT stated, highlighting the audacity and sophistication of the attack.
The compromised account also made references to a new meme coin dubbed “Slerf” on Solana, potentially as a ploy to further engage users. However, swift action led to removing many fraudulent posts, mitigating potential damages.
Trezor Slammed Over Lack of Security Measures
The incident drew sharp criticism from industry insiders, with prominent figures like John Holmquist expressing disappointment over Trezor’s apparent lack of robust security measures, including two-factor authentication (2FA).
Holmquist emphasized the need for Trezor to prioritize account security, especially given its status as a leading hardware wallet provider.
Trezor is not having a presale.
Trezor’s account is compromised…
Good time to mention you can use a Trezor as a security key for 2FA to secure your Twitter account?
Absolutely major L from a security company, please take account security more seriously. pic.twitter.com/ZQtgqdRx6G
— Jon_HQ (@Jon_HQ) March 19, 2024
Pledditor, another crypto community member, pointed out the irony of a security-focused company like Trezor falling victim to such an attack. “There’s some deep irony that these hardware wallet companies can’t even secure their own Twitter accounts,” they stated.
This breach marks yet another setback for Trezor following a security incident in January that exposed the contact information of nearly 66,000 users.
Despite these challenges, Trezor remains a popular choice in the industry, having sold over two million hardware wallets since its inception in 2012. Their current lineup of products boasts the capability to store over 9,000 coins offline securely.
The post Trezor’s X Account Compromised in Potential Swim Swap Attack appeared first on CryptoPotato.