This post aims to address concerns surrounding a breach of our official X (formerly Twitter) account earlier this week. Despite stringent security protocols, including strong passwords and two-factor authentication, we detected unauthorized activity on our X account at 11:53 PM on Tuesday 19 March. The breach appears to have arisen from a sophisticated and calculated phishing attack that was in the works for weeks.
In the spirit of full transparency and to address any concerns around our commitment to security, we felt it necessary to share a preliminary report on the incident. Please note that the investigation is ongoing.
What we know
The breach of our X account turned out to be a sophisticated phishing attack, planned over the course of weeks.
From our investigation, we have learned that the attackers engaged in a calculated scheme that began on February 29, 2024, posing as a credible entity from the crypto space, complete with a well-crafted social media presence and a seemingly genuine interest in dialogue.
The impersonator, using an X handle with thousands of followers, approached our PR team over X, under the guise of scheduling an interview with our CEO.
Over several days, the conversation advanced with credible back-and-forth communication.
This set the stage for a call that culminated in the sharing of a malicious link, disguised as a Calendly invite.
Our team member, upon clicking the link, was redirected to a page requesting X login credentials, a red flag that prompted immediate suspicion and cessation of the interaction.
The meeting was rescheduled.
At the time of the meeting, the attacker feigned technical issues and urged our team member to “authorize” joining the call. The authorization, however, was a prompt to connect the attacker’s Calendly app with our X account. In the urgency of the moment, our team member confirmed the connection. The breach has been traced in X’s authentication logs.
Because the Calendly app was under the attacker’s control, they were able to send the fraudulent tweets on our behalf.
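Both links in the timeline above, the disguised invite and the later "authorize" prompt, can be inspected before anyone clicks through. The following is an added example, not code from Trezor or X: it assumes the prompt uses X's OAuth 2.0 authorization-code flow (`/i/oauth2/authorize` with a space-separated `scope` parameter), and the helper name, allowlists and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

X_HOSTS = {"twitter.com", "x.com"}          # assumed hosts serving X's consent page
AUTHORIZE_PATH = "/i/oauth2/authorize"      # X OAuth 2.0 authorization endpoint path


def host_matches(host, allowed):
    """True if host is one of the allowed domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in allowed)


def review_link(url, expected_hosts, approved_client_ids):
    """Return findings for a link received as a 'meeting invite' (hypothetical helper)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    query = {k: v[0] for k, v in parse_qs(parts.query).items()}
    findings = []
    if host in X_HOSTS and parts.path == AUTHORIZE_PATH:
        # An OAuth consent request for the X account: report what it would grant.
        scopes = set(query.get("scope", "").split())
        write = sorted(s for s in scopes if s.endswith(".write"))
        if write:
            findings.append("app-can-act-as-account:" + ",".join(write))
        if "offline.access" in scopes:
            findings.append("access-persists-via-refresh-token")
        if query.get("client_id") not in approved_client_ids:
            findings.append("app-not-on-approved-list")
    elif not host_matches(host, expected_hosts):
        # Presented as the expected service but hosted elsewhere.
        findings.append("host-is-not-expected-service:" + host)
    return findings


# Constructed sample links (placeholders, not indicators from the incident).
LOOKALIKE = "https://calendly.invite-example.test/login?next=interview"
CONSENT = ("https://twitter.com/i/oauth2/authorize?response_type=code"
           "&client_id=EXAMPLE_CLIENT_ID&redirect_uri=https%3A%2F%2Fapp.example.test%2Fcb"
           "&scope=tweet.read%20tweet.write%20users.read%20offline.access"
           "&state=s&code_challenge=c&code_challenge_method=plain")

if __name__ == "__main__":
    for link in ("https://calendly.com/example/interview", LOOKALIKE, CONSENT):
        print(link[:60], "->", review_link(link, {"calendly.com"}, set()))
```

Any `.write` scope in the result means the connected app can post as the account without ever seeing its password or second factor.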