After gaining control of the account, the hacker posted a fake presale address for a $TRZR token. Disguised as an \u201cinitiative\u201d to help the Slerf community, the post offered a \u201cseparate bonus airdrop\u201d from a website linked in the post that redirected to a wallet drainer.<\/p>\n
After Trezor regained control of the account, X users expressed their worries about the incident and suggested that the hack was a \u201cbad look\u201d on the security-focused company. However, the company guaranteed that they had \u201crobust security measures.\u201d<\/p>\n
\nWe want to clarify that we do not make use of SMS for 2FA, and instead employ more secure methods of authentication.<\/p>\n<\/blockquote>\n
The company finally addressed<\/a> users\u2019 concerns in a preliminary report. The hack is possible due to a \u201csophisticated phishing scam\u201d instead of a lack of basic security measures.<\/p>\n
The company is based on \u201cunwavering security,\u201d the post states; as such, all products and internal systems remain unaffected despite the breach.<\/p>\n
<\/p>\n
<\/span>Sophisticated Phishing Scam Steals Pocket Change<\/span><\/h2>\n
According to Trezor, the ongoing investigation has revealed that \u201cthe breach appears to have arisen from a sophisticated and calculated phishing attack that was in the works for weeks.\u201d<\/p>\n
The calculated scheme began on February 29 after the attacker posed for a \u201ccredible entity\u201d from the crypto industry. At the time of writing, the identity of the impersonated figure was not revealed.<\/p>\n
The attacker contacted Trezor\u2019s PR team through X using a \u201cwell-crafted social media presence.\u201d The seemingly genuine contact aimed to schedule an interview with the company\u2019s CEO.<\/p>\n
According to the report, the attacker and the team had a back-and-forth conversation over several days, which made the efforts to stage a call seem more credible. However, the call agreement led to the click of the link that granted access to Trezor\u2019s X account.<\/p>\n
The malicious link was disguised as a Calendly invite that, upon clicking, redirected a Trezor\u2019s team member to a page requesting the X login credentials. The team rescheduled the call as the incident raised red flags.<\/p>\n
During the rescheduled call, the attacker pretended to have technical issues and urged Trezor\u2019s team member \u201cto \u2018authorize\u2019 joining the call.\u201d This authorization connected the hacker\u2019s Calendly app with the company\u2019s X account. As a result, the attacker gained access to the account and published the now-deleted posts.<\/p>\n
\nhe got a whopping 0.96 Solana as well pic.twitter.com\/zqHjxM8EOI<\/a><\/p>\n
![\"BTC,BTCUSDT,](\"https:\/\/www.bitrabo.com\/discover\/wp-content\/uploads\/2024\/03\/1711156951_327_Is-Your-Crypto-Safe-Trezor-Addresses-Concerns-Over-Hack-Claims.png\")
<\/p>\n