Buterin reveals X account hack stemmed from SIM-swap attack

crypto.news, 12 September 2023, 04:32 UTC

Ethereum’s co-founder, Vitalik Buterin, has shed light on the unsettling breach of his X (Twitter) account, attributing it to a SIM-swap attack.

Sharing his experience on Farcaster, a decentralized social media platform, on Sept. 12, Buterin recounted his ordeal. He stated that the hacker manipulated T-Mobile, the telecommunications service provider, to seize control of his phone number.

“Yes, it was a SIM swap, meaning that someone socially-engineered T-mobile itself to take over my phone number.”

Vitalik Buterin, co-founder of Ethereum

This sophisticated social engineering tactic allowed the hacker to reset the password of Buterin’s X account, even without the phone number being used as a two-factor authentication (2FA) method.

The Ethereum (ETH) magnate has regained control of his T-Mobile account and urged users to consider removing their phone numbers from X (Twitter) to enhance security.

He acknowledged that he had previously encountered advice against using phone numbers for authentication but did not fully grasp the gravity of the situation until now.

The breach on Sept. 9 saw the hacker exploiting Buterin’s X account to orchestrate a fraudulent non-fungible token (NFT) giveaway. Unsuspecting users were lured into clicking a malicious link, culminating in a staggering loss of over $691,000.

SIM-swap attacks, also known as SIM jacking, are an increasingly prevalent method cybercriminals use to hijack mobile phone numbers. Once in control of the number, they can bypass 2FA security measures to infiltrate social media, banking, and cryptocurrency accounts.

Crypto industry giants raise alarm on phishing scams

This breach is not an isolated incident, as phishing scams proliferate on social media platforms. Notable figures in the cryptocurrency sector, including Binance CEO Changpeng Zhao, have voiced concerns over this surge in cyber-attacks.

Vitalik's Twitter account got hacked. Use common sense when reading content on social media, even from large KOLs.

Twitter's account security is not designed as financial platforms. It needs quite a bit more features: 2FA, login id should be different from handle or email, etc.… pic.twitter.com/oYQch8r2H0

— CZ 🔶 Binance (@cz_binance) September 10, 2023

These scams often involve verified bots and are strategically aimed at high-profile individuals in the crypto space to disseminate fraudulent links.

Over the past few months, cyber-attacks have targeted prominent figures such as media commentator Peter Schiff, Uniswap founder Hayden Adams, Sandbox CEO Arthur Madrid, and renowned NFT artist Beeple.

These incidents highlight the escalating security challenges in the digital space, urging individuals and platforms to enhance their security measures to ward off potential threats.
