Ethereum Co-founder Vitalik Buterin finally speaks out after a breach of his X account last weekend confirming it was due to a SIM swap attack. Buterin made this known earlier today via the decentralized social media network Farcaster.
According to him, he has finally gained control over his T-Mobile account after the perpetrators “socially engineered T-Mobile” to take control of his phone number. The incident saw phishing links promoted on his account ignited conversations around security measures.
Buterin went on to highlight some lessons he learned while using X (formerly Twitter). He pointed out that even if a phone number is not used as 2fa on Twitter, it is still enough to reset an account password, adding that he had been previously advised not to use his phone number as an authentication method, but failed to listen.
“A phone number is sufficient to password reset a Twitter account even if not used as 2FA. Can completely remove phone from Twitter,” he said.
Victims lost almost $700k from the hack
As previously reported by 36crypto, Vitalik Buterin’s X account was taken over by hackers on September 9 who posted phishing links promoting a fake NFT giveaway. The post urged users to participate in the limited offer by clicking on the link attached to the post.
Before it was verified as fake, unsuspecting users already interacted with the post which resulted in a collective loss of almost $700,000 ($700k). A notable Ethereum developer, Bok Khoo was one of the victims of the hack, losing 153 ETH worth of his CryptoPunk NFT (approximately $250,000).
Following the incident, a wide range of speculations dominated the crypto community with members discussing vulnerability and cyber threats. Some users already even speculated that the attack was a result of a SIM swap.
Ethereum developer Tim Beiko advised the public on September 10 against using their phone numbers for 2FA on X.
“If you have a phone number linked on your account, even with other 2FA, it can be used to reset your PW. Need to specifically disable it + remove phone #,” he said.
T-Mobile and SIM swap attacks
Meanwhile, this would not be the first time T-Mobile has been involved in this form of attack. The telecommunication company was sued in 2020 for enabling the theft of crypto worth about $8.7 million. Also, in February 2021, a customer sued the company after they lost $450,000 worth of Bitcoin in a SIM-swap attack.
Hackers use SIM swap as a type of attack to gain control over a victim’s phone number consequently having access to their social media, banks, and crypto accounts.
Read More:
- Almost $700K in Digital Asset Lost Through Phishing Attack on Vitalik Buterin’s Account
- Thailand Police Arrests 5 Suspects Involved in a $76 Million Crypto Scam
- How to Recover My Stolen Cryptocurrency