CRYPTOSTAKE
StakingMarketRegulationCryptostake ExplainsUncharted
Allegedly Hacked Trezor’s X Account Advertises a Scam Token Presale

The Trezor account hack and its implications

The official X account of Trezor, a prominent hardware wallet manufacturer, was compromised, leading to the promotion of a fraudulent token presale. The incident, suspected to be the outcome of a SIM-swap attack, was first brought to public attention by ZachXBT, an independent blockchain investigator, on March 19. He notified his substantial follower base on X about the breach, which was further confirmed by crypto security watchdog Scam Sniffer shortly thereafter.

Trezor's account was manipulated to advertise a bogus “$TRZR” presale token on the Solana network. The posts encouraged users to transfer funds to a specific Solana wallet address, linking to malicious sites designed to drain wallets of unsuspecting victims. Notably, the hacker managed to extract around $8,100 from Trezor's Zapper account during this operation, a sum that includes a 25% drainer fee. ZachXBT's commentary on the relatively small amount stolen underscores the audacity of the hack: 

“Imagine hacking the Trezor account only to steal $8.1K (includes 25% drainer fee).”

This breach is part of a troubling pattern for Trezor, following a January incident that exposed the contact information of nearly 66,000 users. Despite these security challenges, Trezor has remained a key player in the cryptocurrency hardware wallet market, with over 2 million units sold since its inception in 2012.

Community response and the call for enhanced security measures

The recent security breach of Trezor's official X account, which led to the promotion of a fictitious token presale, has ignited a wave of concern and criticism within the cryptocurrency community. Following the incident, voices across the platform underscored the irony and severity of a security-centric firm like Trezor falling victim to such a hack. John Holmquist, a prominent crypto commentator on X, lamented the incident as a "major loss," criticizing the hardware wallet manufacturer for its apparent failure to implement two-factor authentication (2FA) for its social media account security. 

He implored, reflecting a sentiment echoed by many in the aftermath of the breach:

"Please take account security more seriously," 

Further adding to the discourse, X users such as Pledditor and DigitalHustlerX expressed dismay at the situation, highlighting the paradox of a security-focused company failing to safeguard its own digital presence: 

"It’s hard, funny, and shameful at the same damn time,"