Cryptocurrency hardware wallet manufacturer Trezor suffered a significant security breach on March 19, 2024, when attackers hijacked its official X (formerly Twitter) account through a suspected SIM-swap attack. The compromised account was used to promote a fraudulent token presale, resulting in approximately $8,100 in stolen funds from unsuspecting users.
The Exploit Mechanics
The attack began when threat actors executed a SIM-swap maneuver against Trezor’s social media team, effectively gaining control of the phone number associated with the company’s X account. Once in possession of the account credentials, the hackers immediately began posting promotional content for a fake token called “$TRZR,” supposedly launching on the Solana blockchain.
The fraudulent posts instructed followers to send funds to an unauthorized Solana wallet address controlled by the attackers. Beyond simple fund transfers, the compromised account also shared links to malicious “wallet drainer” smart contracts designed to siphon digital assets from anyone who interacted with them. To increase credibility and drive engagement, the attackers name-dropped “Slerf,” a trending memecoin project on Solana’s network at the time.
Blockchain investigator ZachXBT was the first to publicly flag the breach, alerting his 528,000 followers about the suspicious activity. Crypto security firm Scam Sniffer rapidly confirmed the attack, helping to limit the damage by spreading awareness before more users could be affected.
Affected Systems
The primary system compromised was Trezor’s official X account, which serves as a major communication channel for the hardware wallet company that has sold over 2 million devices worldwide since its founding in 2012. While the breach was limited to the social media channel and did not affect Trezor’s hardware wallet infrastructure or user funds stored on devices, the reputational damage to a security-focused brand is substantial.
With Bitcoin trading around $61,900 and Ethereum near $3,150 at the time of the attack, the broader crypto market was already experiencing significant volatility, with BTC down 8.34% and ETH down 10.24% over the preceding 24 hours. This market uncertainty may have made some users more susceptible to fraudulent investment opportunities promising quick returns.
The Mitigation Strategy
Following the breach, the fraudulent posts were eventually removed from Trezor’s account. However, the incident has raised serious questions about the operational security practices of one of the cryptocurrency industry’s most trusted security brands. The attackers’ Ethereum wallet address (0x16384f846c2ac7a10cd5d2353e59ae9d635cbc9f) has been identified and tracked by blockchain analysts.
For organizations operating in the crypto space, this breach underscores the critical importance of implementing robust account security measures beyond basic password protection, including hardware-based two-factor authentication, strict access controls for social media management tools, and regular security audits of all communication channels.
Lessons Learned
The Trezor breach highlights several key security principles that apply across the cryptocurrency ecosystem. First, social engineering attacks remain one of the most effective vectors for compromising even security-conscious organizations. Second, SIM-swap attacks continue to pose a significant threat to any account that relies on phone-based authentication. Third, the speed at which attackers were able to monetize the compromised account demonstrates the importance of rapid incident response capabilities.
The fact that a hardware wallet manufacturer—a company whose entire value proposition is built on security—fell victim to a relatively straightforward social engineering attack should serve as a wake-up call for the entire industry.
User Action Required
Users who interacted with any links shared from Trezor’s X account on March 19, 2024, should immediately check their wallets for unauthorized transactions and revoke any token approvals granted to suspicious contracts. All crypto users should enable hardware-based two-factor authentication on their social media accounts and be wary of any token presale announcements, even from apparently legitimate sources. Always verify information through multiple independent channels before sending funds to any address.
Disclaimer: This article is for informational purposes only and does not constitute financial or security advice. Always conduct your own research before making any investment or security decisions.
8k stolen because people still trust verified checkmarks over common sense. the drainer links are always obvious if you actually look at the url
TRZR token on Solana lol. of course it was solana. the memecoin casino makes these scams way too easy to blend in
SIM swaps are still insanely easy to pull off and carriers have done almost nothing to fix it. This will keep happening.
8k is actually low for an account that size. They got lucky the response was fast enough.
a hardware wallet company getting SIM swapped is wild. like the one org that should understand opsec better than anyone
Interesting that Slerf was name-dropped to add credibility. Attackers are getting smarter about which narratives to piggyback on.
the real lesson here is never click links from twitter accounts even if you trust them. always verify through official channels separately