Ethereum co-founder Vitalik Buterin confirmed that the recent hack of his X account (formerly Twitter) was the result of a SIM-swap attack.
Sharing the entire ordeal on a post on the decentralized social network Farcaster, Buterin revealed that the attack was executed through a sim swap, indicating that scammers had successfully socially engineered T-Mobile to gain control of his phone number.
- One of the key takeaways from Buterin’s experience was the vulnerability of Twitter’s account recovery system. He emphasized that even if a phone number is not used as a two-factor authentication (2FA) method, it can still be leveraged to reset a Twitter account’s password.
“Finally got back my T-Mobile account (yes, it was a sim swap, meaning that someone socially engineered T-Mobile itself to take over my phone number).”
- This revelation also underscores the security risks associated with relying on phone numbers for authentication despite prior advice cautioning against it.
- Buterin also admitted that he had come across advice discouraging the use of phone numbers for authentication in the past, but it wasn’t until now that he fully comprehended the seriousness of the matter.
- CryptoPotato had earlier reported the breach of Buterin’s X account, which resulted in victims allegedly losing more than $800,000 due to a malicious link falsely promoting a free NFT.
- The first publicly-claimed punk NFT, which is quite possibly the very first ever minted, was also lost the exploit, which took place on September 9th.
- Following alerts by prominent on-chain experts, including PeckShield and ZachXBT, Dmitry Buterin, the Ethereum co-founder’s father, also confirmed that his son’s account was compromised.