Ethereum co-founder Vitalik Buterin confirmed that the recent hack of his X account (formerly Twitter) was the result of a SIM-swap attack.
Sharing the entire ordeal in a post on the decentralized social network Farcaster, Buterin said the attack was carried out through a SIM swap: scammers socially engineered T-Mobile into handing them control of his phone number.
One of the key takeaways from Buterin’s experience was the weakness of Twitter’s account recovery flow. He emphasized that even if a phone number is not used as a two-factor authentication (2FA) method, it can still be used to reset a Twitter account’s password, so whoever controls the number can take over the account.
“Finally got back my T-Mobile account (yes, it was a SIM swap, meaning that someone socially engineered T-Mobile itself to take over my phone number).”
The incident underscores the risk of relying on phone numbers for authentication or account recovery, something earlier security advice had already cautioned against.
Buterin admitted that he had come across advice discouraging the use of phone numbers for authentication in the past, but it wasn’t until now that he fully grasped how serious the problem was.
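The recovery weakness described above, as an added illustration that is not part of the original article and not X/Twitter's code: a toy model of a password-reset flow in which a carrier maps phone numbers to SIM holders, an attacker re-points the victim's number by SIM swap, and the reset is completed with the SMS code alone. The class and function names, the constructed phone number and passwords, and the simplified authenticator check (a shared string standing in for a TOTP code) are all assumptions made for this example. It also shows the two mitigations that close the path: removing the phone from the account, or refusing a reset that is not backed by a non-phone second factor.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Account:
    username: str
    password_hash: str
    phone: Optional[str] = None        # recovery phone on file, if any
    totp_secret: Optional[str] = None  # stand-in for an enrolled authenticator app


def hash_password(pw: str) -> str:
    # Toy hash for the model; a real service would use argon2/bcrypt/scrypt.
    return hashlib.sha256(pw.encode()).hexdigest()


class Carrier:
    """Models the mobile network: ``holders`` maps a number to whoever holds
    the SIM, and every SMS for that number lands in that holder's inbox.
    Social engineering the carrier simply re-points the mapping."""

    def __init__(self) -> None:
        self.holders: Dict[str, str] = {}
        self.inbox: Dict[str, List[str]] = {}

    def sim_swap(self, number: str, holder: str) -> None:
        self.holders[number] = holder  # also used to provision the legitimate SIM

    def send_sms(self, number: str, text: str) -> None:
        self.inbox.setdefault(self.holders[number], []).append(text)


class RecoveryService:
    """Password reset. With require_second_factor=False an SMS code alone
    resets the password (the weak policy); with True the reset also demands
    the authenticator code, so the phone by itself is never sufficient."""

    def __init__(self, carrier: Carrier, require_second_factor: bool) -> None:
        self.carrier = carrier
        self.require_second_factor = require_second_factor
        self.pending: Dict[str, str] = {}

    def request_reset(self, acct: Account) -> bool:
        if acct.phone is None:  # no phone on file: this channel is closed
            return False
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[acct.username] = code
        self.carrier.send_sms(acct.phone, f"reset code {code}")
        return True

    def complete_reset(self, acct: Account, sms_code: str, new_password: str,
                       totp_code: Optional[str] = None) -> bool:
        expected = self.pending.pop(acct.username, None)  # single use
        if expected is None or not hmac.compare_digest(expected, sms_code):
            return False
        if self.require_second_factor and (
                acct.totp_secret is None or totp_code is None
                or not hmac.compare_digest(acct.totp_secret, totp_code)):
            return False
        acct.password_hash = hash_password(new_password)
        return True


def sim_swap_takeover(acct: Account, service: RecoveryService,
                      carrier: Carrier, attacker: str = "attacker") -> bool:
    """Attacker path: swap the SIM, trigger a reset, read the code from the
    hijacked number, set a new password. Returns True on takeover."""
    if acct.phone is None:
        return False
    carrier.sim_swap(acct.phone, attacker)
    if not service.request_reset(acct):
        return False
    code = carrier.inbox[attacker][-1].split()[-1]
    new_pw = "attacker-chosen"
    if not service.complete_reset(acct, code, new_pw):  # attacker has no authenticator
        return False
    return hmac.compare_digest(acct.password_hash, hash_password(new_pw))


def run_scenario(phone: Optional[str], totp_secret: Optional[str],
                 require_second_factor: bool) -> bool:
    """Build one account/policy combination from constructed sample data and
    report whether the SIM-swap takeover succeeds."""
    carrier = Carrier()
    if phone is not None:
        carrier.sim_swap(phone, "victim")  # legitimate SIM before the attack
    acct = Account("victim", hash_password("correct horse"), phone, totp_secret)
    return sim_swap_takeover(acct, RecoveryService(carrier, require_second_factor), carrier)


if __name__ == "__main__":
    print("phone on file, SMS alone resets:", run_scenario("+15550001111", None, False))
    print("phone removed from account:     ", run_scenario(None, None, False))
    print("authenticator required on reset:", run_scenario("+15550001111", "otp-secret", True))
```

The first scenario succeeds regardless of whether the phone is the account's 2FA method, which is the point Buterin makes: the reset channel sits beside login 2FA, not behind it. The second and third scenarios fail because the attacker's only asset is the hijacked number; note that the hardened policy still lets the real owner reset, since they can present the authenticator code alongside the SMS code.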
CryptoPotato had earlier reported the breach of Buterin’s X account, in which victims allegedly lost more than $800,000 after following a malicious link that falsely promoted a free NFT.
The first publicly claimed punk NFT, quite possibly the very first ever minted, was also lost in the exploit, which took place on September 9th.
Following alerts by prominent on-chain experts, including PeckShield and ZachXBT, Dmitry Buterin, the Ethereum co-founder’s father, also confirmed that his son’s account was compromised.
The post Vitalik Buterin Reveals SIM Swap Attack as Root Cause of Twitter Hack appeared first on CryptoPotato.