6 months ago
33 ARTICLE AD
The hacker posted links to a wallet drainer and has stolen at least $8,100.
On-chain sleuth ZachXBT recently published an alert on X regarding a suspected hack on Trezor’s X account, which posted a series of fraudulent messages which promoted a fake presale token offering for “$TRZR” on the Solana Network.
The threat actor instructed users to send funds to a Solana wallet address, including links that directed users to wallet drainers.
Community alert: Trezor X/Twitter account is currently compromised pic.twitter.com/hNm2OUjEgE
— ZachXBT (@zachxbt) March 19, 2024
Succeeding posts made references to Slerf, another memecoin on the Solana network. This can be seen as an attempt to generate engagement and social traction to funnel unwary users to the wallet drainer contracts. The posts have since been removed and were addressed, minutes after being sent to Trezor’s followers.
According to ZachXBT, the hacker stole an estimated $8,100 from Trezor’s Zapper account. Crypto security platform Scam Sniffer also flagged the suspicious activity shortly after ZachXBT’s warning, confirming the breach.
Despite the severity and scalability of this breach being limited in terms of value stolen, the hack has been described as a “major L for from a security company” by crypto security researcher Jon Holmquist.
Trezor is a hardware wallet manufacturer providing security solutions for storing and managing cryptocurrencies and other digital assets. Trezor’s wallets incorporate a Secure Element chip, with over two million devices sold worldwide. Trezor is operated and developed by SatoshiLabs and was founded sometime in 2012.
Recent security issues with Trezor include vulnerabilities such as XSS (cross-site scripting) in Trezor Connect’s legacy versions, CSRF (cross-site request forgery) issues in the wallet’s Dropbox integration, as well as missing path isolation checks, which have impacted the security of Trezor devices.
Unciphered, a cybersecurity firm, also claimed in May last year that Trezor wallets can be broken into by using a physical method. Earlier this year, in January, Trezor faced another security breach, which leaked the contact information of over 66,000 users.
The recent hack on Trezor’s X account is attributed to an email phishing campaign that targeted the wallet hardware firm’s socials. SatoshiLabs has yet to issue a statement on the matter.
The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.
You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.
