Trezor, a provider of hardware wallets for cryptocurrencies, has reported a breach of its account on the X social network (formerly known as Twitter). An unknown hacker gained access to the company’s account and began disseminating malicious links.
🚨 Alert 🚨
We experienced a security incident on our X/Twitter account overnight, despite robust protections including a strong password and 2FA. We continue to investigate.
Please remain vigilant and remember, Trezor will NEVER request funds or assets be sent to any address.…
— Trezor (@Trezor) March 20, 2024
Representatives of Trezor noted that the hacker managed to compromise the account despite the use of “a secure password and two-factor authentication.”
The suspicious activity on Trezor’s account was first noticed by cryptocurrency investigator ZachXBT and the Scam Sniffer platform. ZachXBT pointed out a series of posts related to fake presales of tokens on the Solana network.
Community alert: Trezor X/Twitter account is currently compromised pic.twitter.com/hNm2OUjEgE
— ZachXBT (@zachxbt) March 19, 2024
ZachXBT also claims that the hacker stole $8100 from Trezor, with the funds being taken from the Zapper platform.
Web security expert Nourekx alerted the Trezor team to some aspects of the breach, including malicious links capable of intercepting active user sessions. He also recommended using the FIDO application on the company’s devices and verifying whether access to the account had been delegated to third parties.
There are fake calendly links out there that will hijack your sessions, also check if the hacker delegated access to your account from settings-> security-> delegate -> accounts you have delegated https://t.co/r0ve7o4vo0
— Nourek (@Nourekx) March 20, 2024
This is not the first time Trezor has been targeted by hackers. In January 2024, the company warned of a wave of phishing attacks related to unauthorized access to a third-party support portal. Subsequently, new series of phishing attacks were observed.