Vitalik Buterin, the Ethereum co-founder, has revealed that the recent unauthorized access to his X (Twitter) account happened through a SIM-swap attack.
On September 12, writing on the decentralized social media platform Farcaster, Vitalik Buterin shared that he had regained control of his T-Mobile account. He explained how hackers were able to take over his account by executing a SIM-swap attack.
A SIM-swap or SIM-jacking attack is a method that hackers use to take control of someone’s mobile phone number.
Once they control the victim’s phone number, scammers can get into the victim’s accounts that rely on it for two-factor authentication (2FA), such as social media, banking, and cryptocurrency accounts.
Vitalik Buterin said, “Yes, it was a SIM swap, meaning that someone socially engineered T-Mobile itself to take over my phone number.”
“A phone number is sufficient to password reset a Twitter account even if not used as 2FA,” he said, adding that users can “completely remove [a] phone from Twitter.”
Vitalik also revealed that he doesn’t remember adding his number, but he guesses that it must have been a compulsory requirement for Twitter Blue signup.
On September 9, scammers hacked Vitalik Buterin’s X account and used it to promote a fake NFT giveaway. They tricked users into clicking on a harmful link, causing victims to lose more than $691,000 in total.
On September 10, Ethereum developer Tim Beiko strongly advised removing phone numbers from X accounts and enabling two-factor authentication (2FA).
“Seems like a no-brainer to have this default on, or to default turn it on when an account reaches, say, >10k followers,” he said to platform owner Elon Musk.
Vitalik Buterin added, “I had seen the ‘phone numbers are insecure, don’t authenticate with them’ advice before, but did not realize this.”
In 2020, T-Mobile faced a lawsuit for allegedly allowing the theft of $8.7 million in cryptocurrency through a series of SIM-swap attacks.
T-Mobile was sued again in February 2021 when one of its customers lost $450,000 worth of Bitcoin in another SIM-swap attack.