Ethereum co-founder Vitalik Buterin has confirmed that the recent breach of his X account (formerly Twitter) was the result of a SIM-swap attack. Buterin took to the decentralized social network Farcaster to share the harrowing details of this security incident, shedding light on the vulnerabilities within Twitter’s account recovery system.
The attacker carried out a SIM swap, using social engineering to manipulate T-Mobile into relinquishing control of Buterin’s phone number. Buterin highlighted that even when a phone number is not used as a two-factor authentication (2FA) method, it can still be used to reset a Twitter account’s password.
He expressed his frustration and concern in a Farcaster post, stating, “Finally got back my T-Mobile account (yes, it was a sim swap, meaning that someone socially engineered T-Mobile itself to take over my phone number).”
This incident underscores the urgent need for improved security measures on cryptocurrency and social media platforms. Warnings against using phone numbers for authentication are not new, and this breach is a reminder of the potential consequences.
Hack on Vitalik Buterin Led to NFT Theft
Bull’s Gazette previously reported on the breach of Vitalik Buterin’s X account, which led to victims allegedly losing more than $691,000 due to a malicious link that fraudulently promoted a free NFT. Furthermore, the exploit resulted in the loss of what is believed to be the first publicly claimed punk NFT, possibly the very first ever minted, on September 9th.
Prominent on-chain experts, including PeckShield and ZachXBT, issued alerts following the breach. Dmitry Buterin, the father of Vitalik Buterin, also confirmed the compromise of his son’s Twitter account, raising concerns about the broader implications of such security lapses.