Cointelegraph
DOGE$0.07277 0.49%
TRX$0.3228 0.12%
LINK$8.25 2.19%
ZEC$543.11 0.60%
ADA$0.1666 2.11%
XRP$1.08 0.73%
ETH$1,841.88 1.94%
BTC$64,102.78 0.08%
XMR$330.52 1.65%
BNB$568.43 1.35%
XLM$0.1863 2.17%
SOL$75.02 1.17%
HYPE$59.88 4.01%
Written by Martin Youngstaff writerReviewed by Ana Paula Pereirastaff editor

Vitalik Buterin reveals X account hack was caused by SIM swap attack

Latest NewsPublishedSep 12, 2023

The Ethereum co-founder has regained control of his T-Mobile account, confirming that a SIM swap attack resulted in the hack of his X account.

vitalik-buterin-reveals-x-account-hack-was-caused-by-sim-swap-attack

Ethereum co-founder Vitalik Buterin has confirmed that the recent hack of his X (Twitter) account was the result of a SIM swap attack.

Speaking on the decentralized social media network Farcaster on Sept. 12, Buterin said that he has finally recovered his T-Mobile account after the hacker managed to gain control of it via a SIM swap attack.

“Yes, it was a SIM swap, meaning that someone socially-engineered T-mobile itself to take over my phone number.”

The Ethereum co-founder added some lessons and learnings from his experience with X.

Vitalik Buterin confirms how his X account was accessed by hackers. Source: Warpcast

“A phone number is sufficient to password reset a Twitter account even if not used as 2FA,” he said, adding that users can “completely remove [a] phone from Twitter.”

“I had seen the ‘phone numbers are insecure, don't authenticate with them’ advice before, but did not realize this.”

On Sept. 9, Buterin’s X account was taken over by scammers who posted a fake NFT giveaway prompting users to click a malicious link, which resulted in victims collectively losing over $691,000.

On Sept. 10, Ethereum developer Tim Beiko strongly recommended removing phone numbers from X accounts and having 2FA enabled. “Seems like a no-brainer to have this default on, or to default turn it on when an account reaches, say, >10k followers,” he said to platform owner Elon Musk.

Twitter opsec PSA:

If you have a phone number linked on your account, even with other 2FA, it can be used to reset your PW. Need to specifically disable it + remove phone #.

If your Twitter account pre-dates crypto, strongly recommend double-checking, and adding strong 2FA! pic.twitter.com/uXrvHYhQvJ— timbeiko.eth (@TimBeiko) September 9, 2023

Related: How easy is a SIM swap attack? Here’s how to prevent one

A SIM swap or simjacking attack is a technique used by hackers to gain control of a victim’s mobile phone number. With control of the number, scammers can use two-factor authentication (2FA) to access social media, bank, and crypto accounts.

It is not the first time T-Mobile has been involved in this type of attack vector. In 2020, the telecoms giant was sued for allegedly enabling the theft of $8.7 million worth of crypto in a series of SIM swap attacks.

T-Mobile was also sued again in February 2021 when a customer lost $450,000 in Bitcoin in another SIM swap attack.

Article updated to include additional comments from Tim Beiko.

Magazine: How to protect your crypto in a volatile market: Bitcoin OGs and experts weigh in

1 minute letter

Subscribe to daily byte-sized crypto news from Cointelegraph

Subscribe
Cointelegraph is committed to independent, transparent journalism. This news article is produced in accordance with Cointelegraph’s Editorial Policy and aims to provide accurate and timely information. Readers are encouraged to verify information independently.

More on the subject