In a candid revelation, Ethereum’s co-founder Vitalik Buterin disclosed that the recent hack of his account on Twitter, now known as X, was the result of a SIM-swap attack. Speaking on the decentralized social media platform Farcaster on September 12, Buterin shed light on the incident and offered some valuable lessons learned.
A SIM-swap attack, also known as simjacking, is a tactic employed by hackers to seize control of a victim’s mobile phone number. Once in possession of the phone number, scammers can exploit two-factor authentication (2FA) to access social media accounts, banking services, and cryptocurrency holdings.
Buterin’s revelation serves as a stark reminder of the evolving threats in the digital age and the importance of safeguarding personal information and online accounts from potential vulnerabilities. It additionally calls for increased vigilance among both individuals and service providers to fortify security measures against these types of cyberattacks.
The Vulnerability of Phone Numbers: Password Reset for X Accounts
Buterin explained that the attacker executed a SIM-swap attack by socially engineering T-Mobile, the mobile service provider. This manipulation allowed the hacker to gain control of Buterin’s phone number, which subsequently led to the compromise of his X account.
He emphasized the inherent vulnerability of using a phone number for password recovery on social media platforms, even when it’s not utilized for two-factor authentication (2FA). Buterin’s experience underscored the importance of users taking proactive measures to protect their online accounts.
“A phone number is sufficient to password reset a Twitter account even if not used as 2FA,” Buterin warned, adding that users have the option to “completely remove [a] phone from Twitter.” This revelation highlights a critical security flaw that many may not have been aware of.
The hacking incident, which transpired on September 9, involved scammers taking control of Buterin’s Twitter account and conducting a fraudulent NFT giveaway. Users were prompted to click on a malicious link, resulting in collective losses exceeding $691,000.
T-Mobile Faces Lawsuit over SIM-Swap Attack Leading to $450,000 Crypto Theft
Notably, this is not the first time that T-Mobile has been associated with such attacks.
Finance Magnates…