Trezor, a well-known developer of hardware wallets that store private keys, recently experienced a breach of its X account. Addressing the issue, the company said that it took immediate measures to secure the account and that the security of its products was not compromised.
Attacker Shares Malicious Posts on Trezor’s X Account after Breaching It
The firm said that the incident took place despite two-factor authentication and strong passwords. According to the company, a calculated and sophisticated phishing attack led to the breach, and the attacker had potentially been working on it for several weeks. Nonetheless, it clarified that none of the company's products were affected.
In addition, it reassured customers about the hardware wallets and Trezor Suite. By providing the details with complete transparency, Trezor asserted its determination to maintain security. It also shared a preliminary report on the event. It added that the attacker made a series of deceptive posts, including some asking clients to transfer funds to an anonymous wallet address.
The posts also included malicious links to fake token presales. The company rapidly detected the posts and removed them, which limited the subsequent damage from the incident. The firm revealed that the attacker executed a well-planned series of actions. According to Trezor, the attacker used an X handle that had numerous followers.
The impersonator contacted the firm's PR team over X, asking for an interview with the CEO. The conversation between the two parties continued over several days. In the end, the impersonator shared a malicious link. A team member opened the link, which redirected to a page asking for login credentials. This raised a red flag, so the firm immediately ended the meeting out of suspicion.
The Company Rapidly Deletes the Malicious Posts and Starts Investigation into the Incident
After that, the company rescheduled the meeting. This time, citing purported technical issues, the attacker asked to join the call. This also involved a login prompt to link to the impersonator's app. In the rush, the team member entered the login credentials. In response, the firm first deleted the unauthorized posts. It also started a thorough security audit to determine the attacker's approach.