
Vitalik Buterin Reveals SIM Card Swap as the Root Cause of His Twitter Hacking


Ethereum co-founder Vitalik Buterin confirmed that the recent hacking of his X account (formerly Twitter) was the result of a SIM swap attack.

Sharing the entire ordeal in a post on the decentralized social network Farcaster, Buterin revealed that the attack was executed through a SIM card swap, indicating that the scammers successfully socially engineered T-Mobile to gain control over his phone number.

One of the key takeaways from Buterin’s experience was the vulnerability of Twitter’s account recovery system. He emphasized that even if the phone number is not used as a method of two-factor authentication (2FA), it can still be exploited to reset a Twitter account password.

"I finally regained my T-Mobile account (yes, it was a SIM swap, meaning someone socially engineered T-Mobile to take over my phone number)," he wrote.

This revelation also highlights the security risks associated with relying on phone numbers for authentication despite previous warnings against it.

Buterin also acknowledged that he had encountered advice discouraging the use of phone numbers for authentication in the past, but only now fully understood the seriousness of the matter.

The hacking of Buterin’s X account reportedly resulted in victims losing more than $800,000 due to a malicious link falsely promoting a free NFT.

The first public CryptoPunk NFT, which is likely the first ever created, was also stolen in the exploit that occurred on September 9.

Following warnings from prominent blockchain experts, including PeckShield and ZachXBT, Dmitry Buterin, the father of the Ethereum co-founder, also confirmed that his son’s account had been compromised.
