Ethereum Co-Founder Vitalik Buterin Recovers T-Mobile Account After SIM Swap Attack
Vitalik Buterin, the co-founder of Ethereum, has regained control of his T-Mobile account after falling victim to a SIM swap attack that led to a phishing scam on X (formerly Twitter). Buterin revealed on Warpcast, a client for the decentralized social protocol Farcaster, that his phone number was used to reset his X account even though it was not enrolled as a two-factor authentication method. The incident shows how weak a phone number is as an account-recovery factor: once an attacker persuades the carrier to port the number to a SIM they control, every SMS-based reset code is delivered to them, and a second factor on the login path offers no protection if the reset path does not require it. Buterin speculated that he may have linked his phone number to his X account when signing up for a Twitter Blue premium subscription. Flashbots strategy lead Hasu also warned X users that every Twitter Blue account is susceptible to SIM swapping.
Twitter Blue Sign-Ups and Phone Numbers
Buterin suggested that many X users may unknowingly have a phone number linked to their account, possibly as a side effect of signing up for Twitter Blue. Hasu advised all users to check their settings and remove their phone numbers from their X profiles. A phone number associated with an account can be used to reset that account regardless of whether it is used for two-factor authentication, so a number added only to complete a subscription still widens the account's attack surface. Users should go to their account settings and remove the phone number; before doing so, make sure a stronger second factor (an authenticator app or a hardware security key) and backup codes stored offline are in place, so that removing the number does not leave the account without a usable recovery path.
A $700,000 Phishing Attack
Following the SIM swap, Buterin's compromised X account was used in a phishing scam that resulted in the theft of around $700,000 worth of cryptocurrencies and NFTs. The attackers promoted a fake commemorative NFT mint from the account, directing users to a malicious website that drained the wallets that connected to it. This incident adds to a growing list of phishing campaigns run through the hijacked X accounts of prominent crypto figures and organizations.
Hot Take: Crypto Users Must Enhance Security Measures
The SIM swap attack on Vitalik Buterin's T-Mobile account is a reminder that crypto users must go beyond the defaults to protect their accounts and assets. A phone number is a weak authentication and recovery factor because the carrier, not the user, decides who holds it, and the ease with which this account was reset shows how little a SIM swap costs an attacker. Users should check which phone numbers are attached to their accounts, remove any that are not needed, and rely on authenticator apps or hardware security keys, with backup codes kept offline, rather than on SMS. Platforms such as X should also harden their recovery flows so that a phone number alone cannot reset an account that has a stronger second factor enrolled, and should let users opt out of SMS-based recovery entirely, so that these takeovers cannot happen in the first place.