The official X account of Trezor, a manufacturer of hardware crypto wallets, was reportedly hacked to post a series of fraudulent messages about presales on Solana.
Community alert: Trezor X/Twitter account is currently compromised pic.twitter.com/hNm2OUjEgE
— ZachXBT (@zachxbt) March 19, 2024
The incident was highlighted by well-known on-chain researcher ZachXBT. The suspicious activity was subsequently noted by the Scam Sniffer service.
The posts promoted a fake presale of the TRZR token for SOL and contained links leading to drainers. The messages mentioned the popular meme coin SLERF, likely to attract attention.
ZachXBT also noted that the hacker stole about $8100 from Trezor’s account on the Zapper platform.
Imagine hacking the Trezor account only to steal $8.1K (includes 25% drainer fee)
0x16384f846c2ac7a10cd5d2353e59ae9d635cbc9f pic.twitter.com/xrVCuhyCLe
— ZachXBT (@zachxbt) March 19, 2024
In the comments, many users called it “ironic” that a company offering secure storage solutions could not protect its own account.
“It’s hard, funny, and at the same time damn shameful that they don’t even practice what they preach and don’t follow their own advice,” wrote one user.
Web3 security expert John Holmquist suggested that the Trezor team “remember” the possibility of using the company’s hardware devices as keys for two-factor authentication (2FA).
Trezor is not having a presale.
Trezor’s account is compromised…
Good time to mention you can use a Trezor as a security key for 2FA to secure your Twitter account?
Absolutely major L from a security company, please take account security more seriously. pic.twitter.com/ZQtgqdRx6G
— Jon_HQ (@Jon_HQ) March 19, 2024
The specialist emphasized that security “should be taken more seriously.”
“There’s some deep irony that these hardware wallet companies can’t even secure their own Twitter accounts,” summarized a commentator under the nickname Pledditor.
.@Trezor‘s account is hacked
There’s some deep irony that these hardware wallet companies can’t even secure their own twitter accounts pic.twitter.com/z4j7gVHJey
— Pledditor (@Pledditor) March 19, 2024
According to the Trezor website, the company has over 2 million device users. The current offering includes three models priced from $59 to $179.
The team confirmed the security incident with the X account. Developers noted that they used 2FA and are investigating the hack. They emphasized that the company “will never ask for funds to be sent to any address” or request users’ wallet recovery information.
? Alert ?
We experienced a security incident on our X/Twitter account overnight, despite robust protections including a strong password and 2FA. We continue to investigate.
Please remain vigilant and remember, Trezor will NEVER request funds or assets be sent to any address.…
— Trezor (@Trezor) March 20, 2024
In January, the manufacturer acknowledged a data breach affecting approximately 66,000 clients through a third-party support service.
In December 2023, Trezor added support for Solana and SPL tokens.