
Topic: Trezor's Twitter (X) Account Hacked (Read 247 times)

legendary
Activity: 2730
Merit: 7065
March 23, 2024, 11:39:20 AM
#22
I've never had an account of mine "hacked" (false term, social engineering is far more accurate) and TBH, I don't even understand why is SIM/SMS relevant with 2FA apps such as Google Authenticator.
Yes, it's not a real hack in the traditional sense of the word. The PR representative was tricked into clicking on a link that looked like some kind of calendar entry meant to schedule an interview between the impersonator and Trezor's CEO. Whoever it was, they gave the trickster account access on a platter. Trezor has also stated that they didn't use SMS for 2FA, but a more secure method (not that it helped in this scenario).
sr. member
Activity: 1666
Merit: 310
March 23, 2024, 09:28:36 AM
#21
The person who was in charge of PR should think about changing jobs.
99% of PR/HR people are totally incompetent.

Most of them are cute millennial/GenZ chicks, so don't expect them to lose their job... they know how to "keep" it, especially with DEI these days. Wink

I've never had an account of mine "hacked" (false term, social engineering is far more accurate) and TBH, I don't even understand why is SIM/SMS relevant with 2FA apps such as Google Authenticator. No excuses for buttfuckery. It's 100% incompetence.
legendary
Activity: 2730
Merit: 7065
March 23, 2024, 03:25:19 AM
#20
At first glance, this is a trivial incident (compared to the screw-ups of a competitor Ledger), but if you think about it, it reveals the fact that Trezor is also not doing well with the qualifications of their employees (the human factor), who allowed this to happen.
Fortunately, it wasn't that serious. But it doesn't mean it couldn't have been or that the hackers wouldn't have succeeded in retrieving more valuable data from Trezor employees if they tried it. The database of those who purchased their hardware wallets, for example. We also know that Trezor, just like Ledger, outsources some work to 3rd-party companies. So, Trezor and its team are only one attack model. The other one is all the services that partner with them, handling customer support, email services, and who knows what else.

There are some good accounts to follow, like lopp, aantonop, SamouraiWallet etc.
Andreas doesn't operate his Twitter account. Someone from his team does. Andreas shares his content over his website, YouTube, and Patreon.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
March 22, 2024, 03:54:09 PM
#19
I have made this step 2 years ago. No more social media for me. I love it now, but it was difficult back then. These apps are designed to be addictive.
Yep. Especially if your communication depends on them, more or less...

All I am saying is that you have put effort in order to acquire some knowledge, but the majority of people on twitter haven't put effort at all.
There are some good accounts to follow, like lopp, aantonop, SamouraiWallet etc. But, I don't follow lots of Bitcoin accounts for the reasons you outlined. Especially random accounts that are into Bitcoin solely for the fiat gains. (I do get them on recommendations though, because... Twitter)
hero member
Activity: 560
Merit: 1060
March 22, 2024, 03:35:09 PM
#18
Eh, I don't say I like it. I just prefer it over Instagram and Facebook. I know that I have to cut social media off my life entirely, but it's difficult. Sometimes after work I just want to relax for a few minutes scrolling on Twitter or YouTube shorts, it ain't that bad, even though I don't hide from you that I feel bad when 20-30 minutes are passed like really fast and I'm just staring at my phone.

I have made this step 2 years ago. No more social media for me. I love it now, but it was difficult back then. These apps are designed to be addictive.

I don't like (but nor hate) the laser-eyes thing either, but wasn't that a thing of the past? I don't remember the last time that I saw a laser eye, to be honest. Maybe Michael Saylor still has that?

Perhaps yes. I have quit Twitter since 2022, so I can't say for sure. Saylor had laser eyes yes. Also Jack Mallers. Some other guys from Bitcoin Magazine too. But as I said, perhaps they have removed the laser beams now  Tongue

You flatter me, but I'm no expert! Just a hobbyist, like everyone else.  Smiley

I never said you are an expert, although I think you know a lot about Bitcoin. All I am saying is that you have put effort in order to acquire some knowledge, but the majority of people on twitter haven't put effort at all. They are used to repeating phrases that they find cool.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
March 22, 2024, 03:29:34 PM
#17
Good luck man. In my short X life, which lasted approximately 2 days, I was surprised by how much lack of basic knowledge existed there.
Eh, I don't say I like it. I just prefer it over Instagram and Facebook. I know that I have to cut social media off my life entirely, but it's difficult. Sometimes after work I just want to relax for a few minutes scrolling on Twitter or YouTube shorts, it ain't that bad, even though I don't hide from you that I feel bad when 20-30 minutes are passed like really fast and I'm just staring at my phone.

To be clear, I don't have any issues with the laser-eyed avatars, I kinda like it too, but I hate it when people pretend they know something, instead of reading or listening in order to get a more solid grasp of how bitcoin works.
I don't like (but nor hate) the laser-eyes thing either, but wasn't that a thing of the past? I don't remember the last time that I saw a laser eye, to be honest. Maybe Michael Saylor still has that?

I hope that people like you will eventually convey the correct message on X and that you will be able to educate as many people as you can.
You flatter me, but I'm no expert! Just a hobbyist, like everyone else.  Smiley
hero member
Activity: 560
Merit: 1060
March 22, 2024, 03:11:58 PM
#16
Out of curiosity, don't you all think that X (Twitter) has a strong potential to become the no. 1 scamming / hacking / faking website?
It already is. As long as advertisers are willing to pay X a decent amount, they will be approving their advertisement. I'd recently installed X, and the shitcoin shilling is massive. DeFi, meme tokens, yield promising platforms, fake URLs, etc., it's a scam-land. And I wished it was just advertisers; just put an adblock and problem solved. But, there are endless bots which shill the same and even worse stuff in the comments (even NSFW).

Good luck man. In my short X life, which lasted approximately 2 days, I was surprised by how much lack of basic knowledge existed there.
And I mean from "bitcoiners" too. Some laser-eyed morons who were used to repeating everything they were told.
To be clear, I don't have any issues with the laser-eyed avatars, I kinda like it too, but I hate it when people pretend they know something, instead of reading or listening in order to get a more solid grasp of how bitcoin works.
I have been studying about Bitcoin for 2 years now, and I am surprised that I still have so much left to learn.
It's a pity that on X there is so much misleading, scamming and fake news, even from the bitcoiners' side.
I hope that people like you will eventually convey the correct message on X and that you will be able to educate as many people as you can.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
March 22, 2024, 03:03:04 PM
#15
Out of curiosity, don't you all think that X (Twitter) has a strong potential to become the no. 1 scamming / hacking / faking website?
It already is. As long as advertisers are willing to pay X a decent amount, they will be approving their advertisement. I'd recently installed X, and the shitcoin shilling is massive. DeFi, meme tokens, yield promising platforms, fake URLs, etc., it's a scam-land. And I wished it was just advertisers; just put an adblock and problem solved. But, there are endless bots which shill the same and even worse stuff in the comments (even NSFW).
legendary
Activity: 3472
Merit: 3507
Crypto Swap Exchange
March 22, 2024, 02:31:44 PM
#14
Of course. It was a mistake by their PR team which could have easily been avoided had they not accepted or clicked on anything the hacker sent them.

Reading Trezor's report reminded me of the stuff I used to see from Ledger back in the day. They praise themselves, informing the readers about how serious they take security. They then inform us in a positive way how everything would have stayed safe if it wasn't for the mistake of that one unlucky team member. With Ledger, it was an ex-employee. With Trezor, it's a PR guy who didn't know better.

The person who was in charge of PR should think about changing jobs. What kind of interview is it when it was necessary to verify the application with a Twitter account?
Twitter has become unstable with some very questionable new rules, but companies that present themselves as serious should think about the way they select employers for important positions.
hero member
Activity: 560
Merit: 1060
March 22, 2024, 02:26:08 PM
#13
Out of curiosity, don't you all think that X (Twitter) has a strong potential to become the no. 1 scamming / hacking / faking website?
I mean, I hear this kind of stories all day...
It must mean that they do something really bad there. I realise that people don't use strong passwords and I also realise that 2FA can be spoofed, but still, I don't get it.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
March 22, 2024, 12:37:37 PM
#12
I don't know what to believe anymore. Was it a security mistake of Trezor or is Twitter a security nightmare now more? We hear accounts getting hacked frequently since Musk bought it. It has been compromised before that, with millions of users having their email addresses leaked, but now it happens more systematically, targeted on compromising influential accounts. It doesn't seem as if all these accounts simply chose to not use a 2FA.
legendary
Activity: 1792
Merit: 1296
Crypto Casino and Sportsbook
March 22, 2024, 11:56:02 AM
#11
Strange how this could happen when they had strong password and 2FA activated in twitter, this was confirmed.
Either this was some insider leak from trezor team, or twitter has some serious security flaws, and I would not be surprised if this was the case.
At first glance, this is a trivial incident (compared to the screw-ups of a competitor Ledger), but if you think about it, it reveals the fact that Trezor is also not doing well with the qualifications of their employees (the human factor), who allowed this to happen. Also, other employees of this company, who are not responsible for social networks, but are already directly connected with trezor devices (both hardware and software part), also come into question, and the question arises, is it still safe (will it be) to store crypto on their devices?

I don't trust clown Musk and his twitter with anything so I automatically not blindly trusting tweets from anyone.
At a minimum, should check the information on alternative channels of the project when tweets appear (strange, why wasn’t this word replaced in the same way as the name of this social network? Xs? Smiley) about the presale and to participate just need to send money to a specific address. In this case, what prevented from checking the accuracy of the presale on the official Trezor's website or in other social networks, because information of this kind is duplicated. Moreover, this (about the upcoming presale) would have been known in advance.


According to ZachXBT, the hack wasn't successful compared to many others. The address received a little over $8,000 in SOL.
This is not the first such trick from scammers, but they still find their client.
legendary
Activity: 2730
Merit: 7065
March 22, 2024, 11:11:44 AM
#10
Which means the fault is still from Trezor.
Of course. It was a mistake by their PR team which could have easily been avoided had they not accepted or clicked on anything the hacker sent them.

Reading Trezor's report reminded me of the stuff I used to see from Ledger back in the day. They praise themselves, informing the readers about how serious they take security. They then inform us in a positive way how everything would have stayed safe if it wasn't for the mistake of that one unlucky team member. With Ledger, it was an ex-employee. With Trezor, it's a PR guy who didn't know better.
legendary
Activity: 2212
Merit: 7064
March 21, 2024, 02:14:20 PM
#9
Twitter is no longer a reliable source of information.  Well, Twitter isn't even "Twitter" anymore.  Elon Musk doesn't know how to handle being rich.  He's drunk with power, and he's wrecked everything Twitter once was.  He did massive staff cutbacks, and I'd be shocked if he hasn't built in backdoors in order to "oversee" things.
He is just a puppet and controlled opposition.
When you think about it a bit deeper, it's impossible for one human being to be involved in so many things like he is, and most of them are fake and/or stolen/purchased from others.

- Trezor's team member connected the company's Twitter profile to the fake app, giving the attacker a permission to post and control of the account.
Nobody is immune to phishing attacks, but I can't believe how many people didn't learn not to click random links without checking first. Tongue

People forgot when, a few years ago, accounts from Musk and other high-profile people got hacked:
https://www.nytimes.com/2020/07/15/technology/twitter-hack-bill-gates-elon-musk.html

legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
March 21, 2024, 12:02:02 PM
#8
Strange how this could happen when they had strong password and 2FA activated in twitter, this was confirmed.
Either this was some insider leak from trezor team, or twitter has some serious security flaws, and I would not be surprised if this was the case.
With what Pmalek later posted, Trezor accepted the fault is from them (Trezor).

I don't trust clown Musk and his twitter with anything so I automatically not blindly trusting tweets from anyone.
I thought there have been several Twitter accounts hacked before Elon Musk bought Twitter. But just that the hackers are having more knowledge daily and the hack become common. I think aside setting the 2FA app or security key, we also need not to click on any link as Trezor did or they should do it on a separate device instead.

Trezor has released a report with more details of the hack. Here are the most important points:

- Trezor didn't use SMS for 2FA. They used a more secure method without naming what.
- It was a phishing attack that was in the works for several weeks.
- The hacker contacted Trezor's PR team pretending to want to arrange an interview with the CEO. After several rounds of communication, the hacker shared a Calendly invite, which turned out to be a malicious link.
- Trezor's team member connected the company's Twitter profile to the fake app, giving the attacker a permission to post and control of the account.
- Trezor revoked the malicious access when they became aware of what happened.
Which means the fault is still from Trezor.
legendary
Activity: 2730
Merit: 7065
March 21, 2024, 11:40:21 AM
#7
They have just used now or they used strong password before?
They claimed to already have used a strong password and 2FA prior to the hacking incident.

It is because this type of scam is common and not new anymore.
That and probably the fact that the tweets were quickly discovered and deleted after Trezor regained access to their account.


Trezor has released a report with more details of the hack. Here are the most important points:

- Trezor didn't use SMS for 2FA. They used a more secure method without naming what.
- It was a phishing attack that was in the works for several weeks.
- The hacker contacted Trezor's PR team pretending to want to arrange an interview with the CEO. After several rounds of communication, the hacker shared a Calendly invite, which turned out to be a malicious link.
- Trezor's team member connected the company's Twitter profile to the fake app, giving the attacker a permission to post and control of the account.
- Trezor revoked the malicious access when they became aware of what happened.
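
The report summary above describes a link presented as a calendar invite that actually asked the user to connect the company account to a third-party app. As an added example (not part of the original post or Trezor's report), the Python check below inspects a received link and reports when it is an OAuth 2.0 authorization request rather than what it claims to be; the hosts, client IDs, scope names and the approval list are constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Assumed local policy (constructed values, not from Trezor's report):
# apps the organisation has approved, and substrings marking scopes
# that allow posting or long-lived access.
APPROVED_CLIENT_IDS = {"approved-scheduler-client"}
RISKY_SCOPE_MARKERS = ("write", "offline")


def review_link(url, claimed_purpose):
    """Return findings for a link received in correspondence."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)

    # An OAuth 2.0 authorization request (RFC 6749) carries both of these.
    if "client_id" not in query or "response_type" not in query:
        return []

    findings = [f"OAuth authorization request, not a {claimed_purpose}"]

    client_id = query["client_id"][0]
    if client_id not in APPROVED_CLIENT_IDS:
        findings.append(f"unapproved client_id: {client_id}")

    # Scopes are space-delimited; parse_qs has already decoded '+'.
    scopes = query.get("scope", [""])[0].split()
    risky = sorted(s for s in scopes
                   if any(m in s.lower() for m in RISKY_SCOPE_MARKERS))
    if risky:
        findings.append("posting or long-lived access requested: " + ", ".join(risky))

    # Where the authorization code is sent after the user clicks "allow".
    redirect_host = urlsplit(query.get("redirect_uri", [""])[0]).hostname
    if redirect_host:
        findings.append(f"grant is delivered to {redirect_host}")
    return findings


# Constructed sample links (hosts and IDs are placeholders).
INVITE = "https://calendar.example/invite/abc123"
CONSENT = ("https://social.example/oauth2/authorize?response_type=code"
           "&client_id=cal-invite-7731"
           "&redirect_uri=https%3A%2F%2Fscheduler-app.example%2Fcb"
           "&scope=tweet.read+tweet.write+offline.access&state=s1")

if __name__ == "__main__":
    for link in (INVITE, CONSENT):
        print(link.split("?")[0], review_link(link, "calendar invite"))
```

A strong password and non-SMS 2FA do not change the outcome of this check, because the grant is issued to the app after the user has already signed in.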
full member
Activity: 128
Merit: 190
March 20, 2024, 04:23:36 PM
#6
Strange how this could happen when they had strong password and 2FA activated in twitter, this was confirmed.
Either this was some insider leak from trezor team, or twitter has some serious security flaws, and I would not be surprised if this was the case.
I don't trust clown Musk and his twitter with anything so I automatically not blindly trusting tweets from anyone.

Yes.

Twitter is no longer a reliable source of information.  Well, Twitter isn't even "Twitter" anymore.  Elon Musk doesn't know how to handle being rich.  He's drunk with power, and he's wrecked everything Twitter once was.  He did massive staff cutbacks, and I'd be shocked if he hasn't built in backdoors in order to "oversee" things.

We should expect to see many more security breaches on X.  Many more.
legendary
Activity: 2212
Merit: 7064
March 20, 2024, 03:39:28 PM
#5
I also have Trezor to blame about this. They are hardware wallet company but failed not to use either the security key or the authentication app.
Strange how this could happen when they had strong password and 2FA activated in twitter, this was confirmed.
Either this was some insider leak from trezor team, or twitter has some serious security flaws, and I would not be surprised if this was the case.
I don't trust clown Musk and his twitter with anything so I automatically not blindly trusting tweets from anyone.
hero member
Activity: 406
Merit: 443
March 20, 2024, 02:47:58 PM
#4
X has not become a reliable source for receiving information, as the blue badge chaos and constant hacking have made the platform lose a lot of credibility. Why do these hackers create things that are easy to discover, meaning if they post something like Trezor recovery service, it will cause more damage than the SOL token.
sr. member
Activity: 574
Merit: 310
March 20, 2024, 02:02:53 PM
#3
Ever since Elon Musk took over ownership of X, no month goes by without a report of an account hack. Furthermore, X has become the home of every type of scam that one can imagine that can be perpetrated, mostly crypto scams. These crypto scams are advertised and even embedded in every tweet that has a lot of engagements. Unfortunately, even after they are reported as scams, guess what, they are not removed. I have a theory that why this is so is because they are also a revenue stream for X.

These security lapses have ruined their reputation in so many quarters. If X users want to safely secure their accounts and avoid scams and hacks, they can do so through the use of authenticator apps and then do their own research. Whatever happened to that?