Popular hardware wallet provider Trezor announced on Wednesday that its X account was compromised earlier in the day despite having all possible protection in place. In what is suspected to be a sim swap scam, the exploiters gained access to Trezor’s X account and promoted the presale of a sham Solana-based token, TRZR.
🚨 Alert 🚨
We experienced a security incident on our X/Twitter account overnight, despite robust protections including a strong password and 2FA. We continue to investigate.
Please remain vigilant and remember, Trezor will NEVER request funds or assets be sent to any address.…
— Trezor (@Trezor) March 20, 2024
According to ZachXBT, some users fell for the scam and deposited funds into the scammer’s provided wallet address. The analyst stated that the exploiters realized about $8,100, including a 25% drainer fee from the scam attempt.
Permeable Despite Strong Security
Unlike the Securities and Exchange Commission’s (SEC) hack in January, in which X disclosed that the account was without two-factor authentication (2FA), Trevor claimed it had all required security checks in place. The cold wallet provider stated in an X post that the exploiter still had access to the account, although it had 2FA and a strong password.
Although Trezor didn’t reveal the details of the attack, it is suspected to be a SIM swap exploit. A SIM swap is an attack in which exploiters convince carrier providers to switch the victim’s phone number to a SIM in their possession.Â
Trezor noted it was investigating the situation and called on users to be vigilant. It stated that it would never request that its customers send funds to an address.
What Next
The attack had the crypto community talking, with a few users doubting Trezor’s 2FA claims. A user also suggested that Trezor refund the affected victims after it had concluded its investigation.
A user’s suggestion caught crypto Twitter’s attention, as the user called on X to create a 2FA requirement for posts on the space. This would require an account to reconfirm its credibility before making a post on the platform.
Solution 😳
Why not create a 2FA Requirement for posts setting? @elonmusk @zachxbt
— Johnny🔺 (@BLiZzABLaZEe) March 20, 2024
This is the first time Trezor has experienced a security breach since its launch in 2013. Another cold storage firm, Ledger, discovered and fixed a malicious patch on its ConnetKit software in December.