7
Threat actors in the cryptocurrency realm have been evolving their methods in recent years, now targeting official X handles of companies that offer crypto-related services. Bybit/flickr.com

KEY POINTS

  • ZachXBT said the hackers stole only a little over $8,000 in the breach
  • Some users said the latest hacking incident raises concerns about X's security systems
  • Aside from Trezor, Beoble and MicroStrategy were the latest X hack victims

The X (formerly Twitter) account of cryptocurrency cold storage wallets provider Trezor has been compromised, the crypto firm confirmed after prominent blockchain security researcher ZachXBT flagged a post made by the account that promoted a fake token presale.

"Community alert: Trezor X/Twitter account is currently compromised," ZachXBT wrote Wednesday. He later provided an update on how much had been stolen in the hack. "Imagine hacking the Trezor account only to steal $8.1K (includes 25% drainer fee)."

Trezor confirmed the breach a few hours later, saying the account suffered a security incident "despite robust protection including a strong password" and two-factor authentication. It continues to investigate the incident.

It further warned that it will never request users to send funds or assets to any address. "As always, a reminder: NEVER share your recovery seed," it added.

Some X users shared their thoughts about the hacking incident. One user noted that if Trezor was actually using two-factor authentication hardware, "X really need[s] to look into this."

"This incident speaks very badly of X/Twitter, no one can be safe on this platform," another user said.

Other commenters diverted concerns to Trezor's security systems. "We need more details, was it an insider at your company?" one user asked. Another said he hopes the Trezor device is "more secure" than its X account.

While X users are still debating who is to blame regarding the compromise, Trezor isn't the first crypto business to have its X account hacked in recent weeks.

Earlier this month, the X handle of Web3 chat solution Beoble was compromised following a series of posts that crypto security firm PeckShield flagged as a phishing attack. Several users took to X to reveal their wallets "got drained."

Late in February, ZachXBT and other security firms reported that MicroStrategy, which is the world's largest known corporate holder of Bitcoin, suffered a hack of its X handle. ZachXBT said over $400,000 was pilfered in the compromise that saw the hackers offering fake free tokens that turned out to be phishing links.

Threat actors focused on crypto-related businesses have been evolving their strategies along with the rise of the emerging industry.

Web3 anti-scam solution Scam Sniffer said in a recent report that in February alone, some 57,000 victims lost approximately $47 million to crypto-associated phishing scams. "Most victims were lured to phishing websites through phishing comments from impersonated Twitter accounts," it said.