Vitalik Buterin Uncovers SIM-Swap Attack as Culprit Behind X Account Hack

Vitalik Buterin, the co-founder of Ethereum, has revealed that the recent breach of his X (Twitter) account was orchestrated through a SIM-swap attack. Buterin disclosed this information while participating in a conversation on the decentralized social media platform Farcaster on September 12. He recounted how he successfully regained control of his T-Mobile account after the hacker employed a SIM swap technique to hijack it.

In his own words, Buterin explained, “Yes, it was a SIM swap, meaning that someone socially-engineered T-Mobile itself to take over my phone number.” The statement highlights that a phone number attached to an account is a weak point in the password-reset process, even when it is not serving as two-factor authentication (2FA). Buterin emphasized that users can remove their phone numbers from their Twitter accounts entirely, a precaution he himself overlooked, admitting, “I had seen the ‘phone numbers are insecure, don’t authenticate with them’ advice before, but did not realize this.”

The incident unfolded on September 9 when Buterin’s X account was compromised by scammers who used it to promote a counterfeit NFT giveaway, luring unsuspecting users to click on a malicious link. This deceptive scheme resulted in victims collectively losing over $691,000.

In response to the breach, Ethereum developer Tim Beiko urged X account holders to remove their phone numbers and activate 2FA. He suggested that it should be a default setting, stating, “Seems like a no-brainer to have this default on, or to default turn it on when an account reaches, say, >10k followers.” Beiko directed this recommendation to the platform’s owner, Elon Musk.

A SIM-swap, or simjacking, attack is a tactic frequently employed by cybercriminals to take control of a target’s mobile phone number. Once they hold the victim’s number, malicious actors can exploit 2FA that relies on that number to access social media accounts, bank accounts, and even cryptocurrency holdings.

This incident sheds light on the recurring issue of SIM-swap attacks involving T-Mobile. In 2020, the telecommunications giant faced legal action for allegedly facilitating the theft of $8.7 million in cryptocurrency through a series of SIM-swap attacks. A similar lawsuit was filed against T-Mobile in February 2021 when a customer lost $450,000 in Bitcoin due to another SIM-swap attack.
