Buterin unveils X account hack stemmed from SIM-swap attack
Ethereum’s co-founder, Vitalik Buterin, has shed light on the unsettling breach of his X (Twitter) account, attributing it to a SIM-swap attack.
Sharing his experience on Farcaster, a decentralized social media platform, on Sept. 12, Buterin recounted his ordeal. He stated that the hacker manipulated T-Mobile, the telecommunications service provider, to seize control of his phone number.
“Yes, it was a SIM swap, meaning that someone socially-engineered T-mobile itself to take over my phone number.”
Vitalik Buterin, co-founder of Ethereum
This sophisticated social engineering tactic allowed the hacker to reset the password of Buterin’s X account, even without utilizing it as a two-factor authentication (2FA) method.
The Ethereum (ETH) magnate has regained control of his T-Mobile account and urged users to consider removing their phone numbers from X (Twitter) to enhance security.
He acknowledged that he had previously encountered advice against using phone numbers for authentication but did not fully grasp the gravity of the situation until now.
The breach on Sept. 9 saw the hacker exploiting Buterin’s X account to orchestrate a fraudulent non-fungible token (NFT) giveaway. Unsuspecting users were lured into clicking a malicious link, culminating in a staggering loss of over $691,000.
SIM-swap attacks, also known as sim jacking, are becoming an increasingly prevalent method cybercriminals use to hijack mobile phone numbers. Once in control of the number, they can bypass 2FA security measures to infiltrate social media, banking, and cryptocurrency accounts.
Crypto industry giants raise alarm on phishing scams
This breach is not an isolated incident, as phishing scams proliferate on social media platforms. Notable figures in the cryptocurrency sector, including Binance CEO Changpeng Zhao, have voiced concerns over these cyber-attack surges.
These scams often involve verified bots and are strategically aimed at high-profile individuals in the crypto space to disseminate fraudulent links.
Over the past few months, cyber-attacks have targeted prominent figures such as media commentator Peter Schiff, Uniswap founder Hayden Adams, Sandbox CEO Arthur Madrid, and renowned NFT artist Peeple.
These incidents highlight the escalating security challenges in the digital space, urging individuals and platforms to enhance their security measures to ward off potential threats.