Vitalik Buterin, a widely known computer programmer and Ethereum co-creator, recently had his account hacked. Fraudsters gained access to Buterin’s X (Twitter) account, and the scam they ran from it caused hefty collective losses.
On September 9th, 2023, Buterin’s X account posted a rather unusual tweet. It contained a link to a fake giveaway of commemorative NFTs attributed to the software provider Consensys. Users who followed the link were exposed to an NFT scam.
The first official statement came from Buterin’s father. He stated that Buterin’s account had been hacked and that Buterin was trying to regain access to it.
Later, the popular blockchain investigator ZachXBT, known for uncovering malicious activity, stated that the attackers had stolen over $691,000. He added that the exact number of victims was uncertain.
Ethereum developer Tim Beiko also responded to the incident. He advised his followers to remove phone numbers from their X accounts and to enable strong two-factor authentication. As his post explains, a phone number linked to an X account can be used to reset the password even when other 2FA is in place, so the number has to be specifically disabled and removed from the platform.
Twitter opsec PSA:
If you have a phone number linked on your account, even with other 2FA, it can be used to reset your PW. Need to specifically disable it + remove phone #.
If your Twitter account pre-dates crypto, strongly recommend double-checking, and adding strong 2FA! pic.twitter.com/uXrvHYhQvJ
— timbeiko.eth ☀️ (@TimBeiko) September 9, 2023
Following the incident, Buterin initially made no statement about the hack, and the exact number of affected users remained unknown. On September 10th, the post was removed from X, and users took to their own platforms to warn others.
Buterin Revealed X Account Hack Was a SIM Swap
Buterin later acknowledged the incident and said that a SIM-swap attack caused the account hack. A SIM swap is a form of account takeover that targets an account's two-factor authentication and two-step verification to gain access. With this attack, scammers can take control of a victim's phone number and messages, and even their bank and crypto accounts.
NEWS: Vitalik Buterin reveals Twitter (X) account hack was caused by SIM-swap attack.
📰 https://t.co/iJVTndtwvR pic.twitter.com/wv2D6GQqBh
— CoinGecko (@coingecko) September 12, 2023
On September 12, 2023, Buterin posted a statement about recovering his T-Mobile account. He explained that the hack was a SIM swap, meaning someone had access to his personal information.
Notably, this is not the first security incident involving T-Mobile. In March 2020, hackers gained access to T-Mobile employees’ email accounts. Those accounts contained confidential information such as government ID numbers and social security numbers. T-Mobile's history with such incidents does not end there. In August 2021, attackers broke into T-Mobile’s network by gaining access to testing environments. Although the attacker failed to retrieve any financial information at that time, he managed to steal the data of about 56.4 million customers.
Finally, Buterin highlighted a critical security lesson. He emphasized the risks of linking phone numbers to platforms when two-factor authentication is not in use. Buterin acknowledged the comments made by Tim Beiko and advised users to remove their phone numbers from any online platform they are linked to.