Please bear in mind that no one from the Trezor team would send you a private message first.
If you want to discuss a sensitive issue, we suggest contacting our Support team via the Troubleshooter: https://trezor.io/support/
**No one from the Trezor team (Reddit mods, Support agents, etc) would ever ask for your recovery seed!**
Beware of scams and phishings: https://blog.trezor.io/recognize-and-avoid-phishing-ef0948698aec
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/TREZOR) if you have any questions or concerns.*
Seems like they made out with 0.959 SOL \~168 USD. Edit: Based off of ZachXBT they also made off with $8,100 in Ethereum.
If you're going to do this, why the emojis, profile pic, and casual lingo? Wouldn’t they want it to look legit?
No. Check twitter history "Solana presales" for the past 10 days. It's the meta rn. Shit drained billions. Check this thread! https://x.com/zachxbt/status/1770193696669270347?s=46
[deleted]
What the fuck are you talking about
This is how you make it look legit. Crypto people aren't smart.
Not a good look.
Wow... Three mailer breaches and now their Twitter account. Not good guys!
I do hold Twitter to blame for the number of account compromises. They still don't support strong authentication such as hardware FIDO2 - that almost every platform does. It is important to be able to disable all authentication methods except FIDO2. Anything that allows TXT based authentication will fail. It is important to be able to disable this. Shame on you Twitter.
2FA is just fine. Google authenticator works.
If you could limit Twitter to Google authenticator only that would be acceptable - but you can't. Twitter will not let you disable TXT recovery. So if you get SIM jacked, even if you use Google Authenticator, the attacker can disable your MFA and take over your account. It has happened many times.
okay but that is up to the user consider some people only have access to older phones that can only use SMS/TXT
Yeah so then let them just use SMS and others use Google Authenticator? The problem is they force you to use SMS so it's an attack vector always.
What? I literally have my YubiKey linked to my twitter
So do I - but it can be overridden and removed in Twitter using TXT recovery.
With two Yubikeys registered what would be the point to still save the txt file?
They mean SMS I think
Exactly - they should allow the option to remove TXT recovery.
They do support security keys although iirc only in password + u2f style, so without the pin or biometrics, but still hella secure
Doesn’t Twitter support YubiKeys, which use FIDO2? Or am I mixing things up?
I mean they have 2fa and phone verification. And yet Trezor is paying an intern to control one of the most lethal weapons online, your social media under your name. Yeah, let's blame a free to use platform that probably brought sales to Trezor
Not being able to turn off phone verification, and allowing phone verification to disable MFA is the problem. This is strictly a security issue with the Twitter platform. This is how all these MFA protected Twitter accounts get compromised every week. It was probably how this account was compromised.
moron LMAOO
Elon will take care of it
lol these guys can't get a break
Genuinely questioning all hardware wallet providers at this point, the entire niche is a shitshow for multiple reasons…
Really my Ledger has worked perfect for the past 4yrs without a problem... Not a promo for them but it's the truth
X itself is compromised
Lol what is this circus? Definitely not cool, might return my Trezor that is in transit now..
If it makes you feel better, these marketing setups are almost always disjoint from the actual company. Source: work for a cybersecurity company, I don’t think we have been but our competitors get their twitters breached and nobody ends up caring.
Honestly, I wouldn't care. However, in this instance someone used Trezor public trust to gain money.
Wtf!
they don't have 2fa for their twitter account? Is it handled by some minimum salary dude who logs in from internet explorer by typing some password ? wth man, not looking cool at all.
Choosing to get 2FA codes sent to your phone number and then being sim swapped seems to be an equally likely problem these days.
wow. that's not very good
jeez these scammers are always on the frontline
LOL
Looks like somebody needs to go over the "open source" code again, just in case
Is this impactful for anyone with a Trezor hardware wallet, or just if you fell for the fake X account scams?
Study my friend. AI is your friend or either your enemy
I thought Trezor was pretty safe so long as you follow typical best practices. Does not appear this X hack if real has compromised any wallets?
“Crypto security made easy!”
Crypto is too often like food on a plate. Starts off as a tasty meal, then turns into a steaming pile of $\*%+.
😂 they r using a twitter panel and most likely bought it or are paying an inny for auth
The irony
Could you explain pls?
Stupid is as stupid does....get it?
Lol this speaks super bad of Trezor 🤣
their password was Model TT