On March 21, SatoshiLabs, the company responsible for Trezor hardware crypto wallets, made an announcement regarding the compromise of its X (formerly Twitter) account. Contrary to earlier suspicions of a SIM-swap attack, the company clarified that the compromise was the result of a phishing scam.

SatoshiLabs assured its users that only its X social media account was affected by the phishing scam. The company emphasized that the incident did not impact the security of its hardware wallets, ensuring the safety of all crypto transactions and storage performed using Trezor wallets.

Phishing scams involve fraudulent attempts to deceive individuals into revealing sensitive information, such as passwords or private keys, usually through deceptive emails or websites that mimic legitimate platforms. In this case, the compromise of the Trezor X social media account was attributed to falling victim to such a scam.

With the incident limited to the social media account, Trezor hardware wallets themselves remained secure. Users can continue to rely on the hardware wallets for the safe storage and execution of their cryptocurrency transactions.

SatoshiLabs’ prompt response in addressing the situation and providing clarity regarding the scope of the compromise helps maintain user trust and confidence in the security of the Trezor hardware wallet ecosystem. It also serves as a reminder for individuals to remain vigilant against phishing attempts and to exercise caution when sharing sensitive information online.

Trezor Confirms No Trezor Account or Funds Were Compromised

Cryptonews recently published a report on the breach of Trezor’s X account. Popular blockchain and crypto security investigator ZachXBT alerted his 533K followers about the compromise of the hardware wallet page.


Soon after, crypto security firm Scam Sniffer detected the suspicious activity and warned crypto traders to steer clear.

According to SatoshiLab’s detailed report via Medium, the unauthorized access to their X account was identified at 11:53 PM on March 19, scaling past a series of security protocols, including two-factor authentication (2FA) and a strong password.


Nevertheless, the hardware wallet producers stated that all compromises have been resolved, and accounts on its ecosystem were safe.

SatoshiLabs, the company behind Trezor hardware crypto wallets, made a clear statement regarding the breach of its X account. They emphasized that the security of all their products, including Trezor hardware wallets, remains unaffected by the incident. Users were assured that the compromise of the X account did not impact or compromise the security of their hardware wallets or any other products offered by SatoshiLabs. Both the Trezor device and the Trezor Suite were confirmed to remain safe and secure.

During the breach, the compromised X account was exploited to promote a presale of $TRZR on the Solana blockchain network. The intention behind this was to deceive traders into sending funds to a Solana wallet under false pretenses. In addition, the attackers mentioned a new Solana memecoin named Slerf in an attempt to attract attention and generate further interest.

The concerning aspect of the breach was that the attackers directed crypto investors to click on a malicious link. The purpose of this link was to establish a connection to the users’ wallets and potentially wipe off all the assets and funds stored within them. It is important to note that these malicious posts promoting the presale and the Slerf memecoin were swiftly removed shortly after they were discovered.

John Holmquist, a prominent Web3 security investigator, commented on the incident, stating that the breach of the hardware wallet’s X account was a result of neglecting to implement two-factor authentication (2FA). Two-factor authentication is a security measure that adds an extra layer of protection by requiring users to provide an additional verification step, typically through a separate device or application, when accessing their accounts. The absence of 2FA in this case may have contributed to the vulnerability that allowed unauthorized access to the X account.

The incident serves as a reminder of the importance of robust security measures, including the implementation of 2FA, to safeguard crypto wallets and protect user funds. SatoshiLabs’ prompt response in addressing the breach and assuring users of the security of their hardware wallets helps maintain trust and confidence in their products. It also highlights the ongoing need for vigilance and caution within the crypto community to mitigate the risks associated with potential security breaches.


This was off the mark, however, as SatoshiLab highlighted that its X account had 2FA and other security measures active. It is still unknown if there will be an impending investigation to identify the perpetrator(s).

Trezor asserts that the phishing attack was planned and executed over a period of several weeks, highlighting the sophistication and persistence of the attackers.

SatoshiLabs provided further details on the breach of the official X account, highlighting that it was a sophisticated and well-planned phishing attack that had been in progress for several weeks.

According to SatoshiLabs’ investigation, the attack was initiated on February 29, 2024. The perpetrators created a fictitious entity within the crypto sector, successfully convincing members of crypto communities of its credibility and high reputation.

While the report did not disclose the name of the entity, it revealed that the bad actors actively engaged in genuine crypto conversations to enhance their media presence. They strategically grew their followership to thousands and even approached SatoshiLabs’ PR team to request an interview with the CEO of the wallet firm.

A meeting was scheduled between the PR team member and the attackers. During this process, a malicious link disguised as a Calendly invitation was shared. When the PR team member clicked on the link, they were redirected to a page that requested the X account login details. Recognizing the suspicious nature of the request, the PR team member became cautious and decided to halt the interview plans and suggest a reschedule.

During the rescheduled meeting, the attacker claimed there were technical issues and urged for a call authorization. This authorization process linked the attacker’s Calendly app with SatoshiLabs’ X account, providing the attackers with unauthorized access.

With control over the compromised account, the bad actors were able to promote fraudulent cryptocurrency schemes and share malicious links on behalf of Trezor’s hardware wallet. It was during this time that ZachXBT, a popular Web3 security investigator, detected the fraudulent activity and alerted his followers to the compromise.

The incident serves as a reminder of the increasing sophistication of phishing attacks and the importance of remaining vigilant against such attempts. It highlights the need for robust security measures, thorough verification processes, and continuous education to prevent unauthorized access and protect users within the crypto community.

By admin

Leave a Reply

Your email address will not be published. Required fields are marked *