KEY POINTS
- Buterin’s X account was hacked over the weekend
- The fraudulent post was taken down, and Buterin’s account was almost immediately recovered
- SIM swapping is a scheme where scammers contact the user’s mobile phone carrier and trick it into activating a SIM card held by the malicious actors
After nearly $700,000 in funds were drained from victims who fell prey to a scam posted from the hacked X account of crypto genius Vitalik Buterin, the Ethereum co-founder confirmed he was the victim of a SIM-swap scheme and revealed details of the incident.
On Monday night, Buterin said he had recovered his mobile account and confirmed the reason behind the hack of his X (formerly Twitter) account was a SIM-swap scheme executed by malicious actors.
“Finally got back my T-mobile account (yes, it was a sim swap, meaning that someone socially engineered T-mobile itself to take over my phone number),” the crypto genius said on the decentralized social media network Farcaster.
While Buterin said he could barely recall when he added the number, he speculated it might have been when he signed up for Twitter Blue, the social media platform’s subscription service that gives users access to premium features and benefits on the app.
“I don’t remember when I *added* the number; my guess is that it was required to sign up for Twitter Blue,” the Ethereum co-founder revealed.
He also shared he was glad to be using Farcaster, as its account recovery requires an Ethereum address.
“Anyway, glad to be on Farcaster, where my account recovery can be controlled by a good wholesome Ethereum address,” Buterin shared.
Furthermore, the crypto genius shared what he learned from the incident: “A phone number is sufficient to password reset a Twitter account even if not used as 2FA. Can completely remove phone from Twitter” and “I had seen the ‘phone numbers are insecure, don’t authenticate with them’ advice before, but did not realize this.”
Buterin’s X account was hacked over the weekend and used to post a phishing link that scammed several victims. The post promoted a fake Consensys campaign, luring users to an airdrop event supposedly hosted by the global blockchain company to claim “commemorative” NFTs given out in celebration of “Proto-Danksharding” coming to Ethereum.
The fraudulent post was taken down, and Buterin’s account was almost immediately recovered from malicious actors.
SIM swapping is a scheme where scammers contact the user’s mobile phone carrier and trick it into activating a SIM card held by the malicious actors.
Scammers also take advantage of a weakness in two-factor authentication (2FA) and verification, using the phone number to gain access to the owner’s account.