Vitalik Buterin has shared details of how hackers managed to take over his Twitter account and steal $691,000 from his followers last week.
In a post on decentralized social network Farcaster, the Ethereum co-founder told followers that hackers had used a SIM swap attack to trick Twitter into resetting his Twitter password, giving them access to his account and his 4.9 million followers.
“It was a SIM swap, meaning that somebody socially-engineered T-Mobile itself to take over my phone number,” said Buterin.
Buterin said that the hack was made easier because the social network, known as X following Elon Musk’s takeover last year, uses a phone number to recover an account. “A phone number is enough to password reset a Twitter account even when not used as 2FA,” he said, adding that users can “fully take away [a] phone from Twitter.”
Buterin said he didn’t remember specifically adding his phone number, speculating that it might have been a required piece of information to join X’s Twitter Blue verification program.
He then commented on Farcaster’s enhanced security, and its use of Ethereum addresses as a better way to prevent accounts being compromised.
“Glad to be a farcaster, where my account recovery might be managed by a very good healthful ethereum address :)” Buterin said.
The $691,000 NFT spam attack
The exploit, which took place on September 9, was used to post a fake NFT giveaway prompting users to click on a malicious link that resulted in these victims collectively losing more than $691,000.
Crypto Twitter users were quick to raise the alarm about the fake link, but the first apparent acknowledgment that Buterin was hacked came from his father, Dmitriy “Dima” Buterin.
The hackers subsequently sent Buterin an NFT from the Vitalik Elementals collection that they had gleaned from the exploit. The team behind the NFT collection reimbursed the victim with another version of the NFT.
This isn’t the first time the Buterin family has fallen victim to Twitter hackers.
In August this year, Vitalik’s mother Natalia Ameline was caught up in a Twitter exploit. Ameline is Basic DAC Supervisor and the Head of Investor Relations for Metis, a layer-2 scaling solution for Ethereum. The project was hacked on Twitter and used to post malicious links that led to some followers’ wallets being compromised.