
Hacker Steals Over $690,000 After Hijacking Vitalik Buterin's Twitter Account

decrypt.co, 10 September 2023 23:00 UTC

Ethereum creator Vitalik Buterin appears to have fallen victim to a hacker on Twitter, who went on to steal $691,000 from users who followed a corrupted link posted to his feed.

The hack was first noticed on Saturday when a post appeared on Buterin’s account announcing the launch of a set of commemorative non-fungible tokens (NFTs) from software provider Consensys. This malicious link—which could have been shown to many of his 4.9 million followers—prompted victims to connect their wallets to mint the NFT, but in reality it simply gave the hacker a way to drain their funds.

On Crypto Twitter, users were quick to raise the alarm about the fake link, but the first apparent acknowledgment that Buterin was hacked came from his father, Dmitriy "Dima" Buterin.

Disregard this post, apparently Vitalik has been hacked. He is working on restoring access. https://t.co/2fjM0GhvIa

— dima.eth (@BlockGeekDima) September 9, 2023

The post has since been deleted, but the damage was done, as a number of victims reported that funds had been drained from their wallets. Within the hour, the hacker appeared to have made off with more than $147,000, a figure that quickly rose to $691,000, according to blockchain investigator @ZachXBT.

In the day since the hack was first reported, Buterin has not yet commented publicly on the incident; his most recent post remains a retweet of a Sept. 6 post. @ZachXBT reported that the hacker subsequently sent a stolen NFT to Buterin.

the hacker just sent Vitalik this NFT they drained

0x909c74236ded54ecea95ea1568e1abf67624ccae436d1b9d94cd0c163b11eec5 pic.twitter.com/Fx6ekDYyWR

— ZachXBT (@zachxbt) September 10, 2023

It is unknown just how many users were affected, but this latest incident adds to a growing list of hacks over social media that have netted millions in tokens.

After so many losses, a debate has emerged over whether and how developers themselves should compensate victims. Twitter’s own security also came into question, including from Binance CEO Changpeng Zhao, who wrote that the platform’s account security “is not designed” well compared to traditional financial accounts.

“It needs quite a bit more features: 2FA, login ID should be different from handle or email, etc.,” wrote Zhao, referring to two-factor authentication. “In the past, I have had my Twitter account locked a few times due to hackers trying to brute-force it (trying different passwords repeatedly). This was before the 'Elon era.'”

Two-factor authentication is a widely recommended defense that requires a user to present two separate proofs of identity before gaining access to an account. Twitter supports it, but only for users who pay for Twitter Blue. Brute forcing is a tactic in which attackers bombard an account with login attempts, cycling through candidate passwords, until one eventually succeeds.
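The account lockouts Zhao describes are the defender-side response to brute forcing. As an added illustration (not code from the Decrypt article or from Twitter), the Python below runs a sliding-window detector over a constructed authentication log: after a configurable number of failed logins for one account inside a short window, the account is locked for a cooling-off period and any login during that period is denied even if the password check itself passed. The log format, field names, thresholds and IP addresses are all assumptions made for the example.

```python
"""Sliding-window brute-force detector with account lockout (added example)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed sample authentication log; the format and all values are invented
# for this example. `result` is the outcome of the credential check alone; the
# lockout layer below decides whether that outcome is honoured.
SAMPLE_LOG = """\
2023-09-09T14:00:00Z login user=alice src=203.0.113.10 result=fail
2023-09-09T14:00:03Z login user=alice src=203.0.113.10 result=fail
2023-09-09T14:00:05Z login user=bob src=198.51.100.7 result=fail
2023-09-09T14:00:07Z login user=alice src=203.0.113.10 result=fail
2023-09-09T14:00:10Z login user=alice src=203.0.113.10 result=fail
2023-09-09T14:00:12Z login user=alice src=203.0.113.10 result=fail
2023-09-09T14:00:15Z login user=alice src=203.0.113.10 result=success
2023-09-09T14:00:40Z login user=bob src=198.51.100.7 result=success
2023-09-09T14:20:00Z login user=alice src=203.0.113.10 result=success
"""

TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"


def parse_line(line: str) -> dict:
    """Parse one assumed-format log line into a dict with a UTC timestamp."""
    ts_text, _event, *fields = line.split()
    rec = {"ts": datetime.strptime(ts_text, TS_FORMAT).replace(tzinfo=timezone.utc)}
    for field in fields:
        key, value = field.split("=", 1)
        rec[key] = value
    return rec


def fmt(ts: datetime) -> str:
    return ts.strftime(TS_FORMAT)


def evaluate_log(text: str, threshold: int = 5,
                 window: timedelta = timedelta(seconds=60),
                 lockout: timedelta = timedelta(minutes=15)) -> dict:
    """Replay the log in order and apply a per-account sliding-window lockout.

    Returns when each account was locked, which logins were denied because
    the account was locked at that moment, and which logins were allowed.
    """
    failures = defaultdict(deque)   # user -> timestamps of recent failures
    locked_until = {}               # user -> end of current lockout
    locked_at = {}                  # user -> time of first lockout (reported)
    denied, allowed = [], []

    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        user, ts = rec["user"], rec["ts"]

        # A locked account is refused outright, even on a correct password.
        until = locked_until.get(user)
        if until is not None and ts < until:
            denied.append((fmt(ts), user, rec["src"]))
            continue

        if rec["result"] == "fail":
            recent = failures[user]
            recent.append(ts)
            # Drop failures that have fallen out of the sliding window.
            while recent and ts - recent[0] > window:
                recent.popleft()
            if len(recent) >= threshold:
                locked_until[user] = ts + lockout
                locked_at.setdefault(user, fmt(ts))
                recent.clear()
        else:
            allowed.append((fmt(ts), user))
            failures[user].clear()   # a good login resets the failure count

    return {"locked_at": locked_at, "denied": denied, "allowed": allowed}


if __name__ == "__main__":
    for key, value in evaluate_log(SAMPLE_LOG).items():
        print(key, value)
```

Run as a script it locks `alice` at the fifth failure inside the 60-second window, denies the password-correct login three seconds later, and allows the login twenty minutes on, once the lockout has expired; `bob`, with a single failure, is never touched. The same loop is what a rate limiter keyed on source address would look like, with `src` in place of `user`.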
