Crypto Wallet Hardware Provider Trezor's X Account Hacked For Fake Token Presale

Threat actors in the cryptocurrency realm have been evolving their methods in recent years, now targeting official X handles of companies that offer crypto-related services. Bybit/flickr.com

KEY POINTS

ZachXBT said the hackers stole only a little over $8,000 in the breach
Some users said the latest hacking incident raises concerns about X's security systems
Aside from Trezor, Beoble and MicroStrategy were the latest X hack victims

The X (formerly Twitter) account of cryptocurrency cold storage wallets provider Trezor has been compromised, the crypto firm confirmed after prominent blockchain security researcher ZachXBT flagged a post made by the account that promoted a fake token presale.

"Community alert: Trezor X/Twitter account is currently compromised," ZachXBT wrote Wednesday. He later provided an update on how much had been stolen in the hack. "Imagine hacking the Trezor account only to steal $8.1K (includes 25% drainer fee)."

Community alert: Trezor X/Twitter account is currently compromised pic.twitter.com/hNm2OUjEgE
— ZachXBT (@zachxbt) March 19, 2024

Trezor confirmed the breach a few hours later, saying the account suffered a security incident "despite robust protection including a strong password" and two-factor authentication. It continues to investigate the incident.

🚨 Alert 🚨

We experienced a security incident on our X/Twitter account overnight, despite robust protections including a strong password and 2FA. We continue to investigate.

Please remain vigilant and remember, Trezor will NEVER request funds or assets be sent to any address.…
— Trezor (@Trezor) March 20, 2024

It further warned that it will never request users to send funds or assets to any address. "As always, a reminder: NEVER share your recovery seed," it added.

Some X users shared their thoughts about the hacking incident. One user noted that if Trezor was actually using two-factor authentication hardware, "X really need[s] to look into this."

Any comment from X about this?

If Trezor were using hardware 2fa, as I'm sure they were, X really need to look into this.
— Goldfish 🟠 (@Gold_Phishy) March 20, 2024

"This incident speaks very badly of X/Twitter, no one can be safe on this platform," another user said.

This incident speaks very badly of X/Twitter, no one can be safe on this platform, every day I have more distrust
— Crypto Market (@CryptoMarket369) March 20, 2024

Other commenters diverted concerns to Trezor's security systems. "We need more details, was it an insider at your company?" one user asked. Another said he hopes the Trezor device is "more secure" than its X account.

Not a good look guys, you're meant to be all about security. We need more details, was it an insider at your company?
— Wilf (@i_am_wilf) March 20, 2024

While X users are still debating who is to blame regarding the compromise, Trezor isn't the first crypto business to have its X account hacked in recent weeks.

Earlier this month, the X handle of Web3 chat solution Beoble was compromised following a series of posts that crypto security firm PeckShield flagged as a phishing attack. Several users took to X to reveal their wallets "got drained."

Late in February, ZachXBT and other security firms reported that MicroStrategy, which is the world's largest known corporate holder of Bitcoin, suffered a hack of its X handle. ZachXBT said over $400,000 was pilfered in the compromise that saw the hackers offering fake free tokens that turned out to be phishing links.

Threat actors focused on crypto-related businesses have been evolving their strategies along with the rise of the emerging industry.

Web3 anti-scam solution Scam Sniffer said in a recent report that in February alone, some 57,000 victims lost approximately $47 million to crypto-associated phishing scams. "Most victims were lured to phishing websites through phishing comments from impersonated Twitter accounts," it said.