Ethereum co-founder Vitalik Buterin revealed that the recent hack of his Twitter (X) account, which drained over $691,000 of victims’ funds through a fake NFT promotion, was the result of a “SIM swap” attack.
Blockchain analyst ZachXBT, who confirmed that $691,000 had been drained from people's wallets, declined to speculate on whether Buterin was the victim of a “SIM swap.” The reply came after an X user, Satoshi 767, suggested that the hack could have been a SIM swap attack.
Essentially, SIM swapping occurs when a scammer gains control of a phone number by impersonating the victim and persuading the victim’s mobile service provider to move the number to a SIM the scammer controls. Once they control the number, they can pass any SMS-based two-factor authentication (2FA) checks and receive password-reset codes for accounts tied to that number, gaining complete control of those accounts.
In a post on the decentralized social network Warpcast, Buterin revealed that someone had “socially-engineered” his mobile carrier, taking control of his phone number.
“I had seen the ‘phone numbers are insecure, don't authenticate with them’ advice before, but did not realize this.”
He said that the hack taught him to completely remove phone numbers from Twitter. A phone number is “sufficient to password reset a Twitter account even if not used as 2FA,” he added.
“I don't remember when I *added* the number; my guess is that it was required to sign up for Twitter Blue.”
Twitter’s terms, updated in December 2022, state that a verified phone number is required for a Twitter Blue subscription. A user who is not yet a Blue subscriber and has not verified a phone number is prompted to verify one when signing up.
“Anyway, glad to be on Farcaster, where my account recovery can be controlled by a good wholesome Ethereum address :),” Buterin
Read more on cryptonews.com