Ethereum co-founder Vitalik Buterin revealed that his X account (Twitter) was compromised, luring followers into a phishing trap. Many people lost NFTs and digital assets after believing the fake Ethereum NFT announcement from the breached account.
The post turned out to be fake and people who responded were sent to a phishing site. In the end, they lost their digital assets, and according to estimates, the stolen tokens involved in the account breach reached more than $691,000. Now, Buterin has revealed shocking details about his recent hacking experience. He said that this incident happened due to SIM swap.
The 29-year-old Ethereum executive reported that he was the victim of a SIM-swap attack, where criminals gained access and controlled his X account without authorization. According to CoinTelegraph, Buterin told Farcaster, a decentralized social media network, that he was able to recover his T-Mobile account after the SIM swap.
“Yes, it was a SIM swap, meaning someone socially engineered T-Mobile itself to take my phone number,” Buterin shared. “A phone number is enough to reset a Twitter account’s password, even if not used as 2FA. I’d seen the ‘phone numbers are insecure, don’t authenticate with them’ advice before, but realized Not done.”
He said the incident showed him that users could “completely remove a phone from Twitter.” Anyway, SIM swap is also called SIM jacking attack because hackers use a special technique to gain control over someone’s mobile phone number. Once the crooks take over the number, they can use two-factor authentication (2FA) to easily access the victim’s bank account, social media, crypto accounts, and more.
Meanwhile, Coinown noted that this is not the first time T-Mobile has been involved in a hacking attack. The telecom company made headlines in 2020 after being sued for allegedly allowing a theft where $8.7 million worth of cryptocurrency was taken. In 2021, another SIM-swap attack occurred and a customer lost $450,000 in Bitcoin in this episode.
Photo by: BoliviaIntelligent/Unsplash