Vitalik Says X Account Hacked Via SIM-Swap

  • Ethereum co-founder Vitalik Buterin has regained his T-Mobile account, which on Saturday was compromised by hackers and used to take over his X account.
  • On 9 September, hackers used a SIM-swap attack to take over Buterin’s X account, and siphon close to $700,000 in crypto by promoting a fake NFT giveaway.

Ethereum co-founder Vitalik Buterin speaks during TechCrunch Disrupt. 18 September, 2017, San Francisco, California. Steve Jennings/Getty Images for TechCrunch

Ethereum co-founder Vitalik Buterin has regained access to his T-Mobile account after confirming that the phishing scam on Saturday was the result of a SIM-swap attack, Buterin said via Farcaster on 12 September.

In his thread on the decentralized social media network, Buterin said that “someone socially-engineered T-mobile itself” to take over his mobile number, which was later used to gain access to his X (formerly Twitter) account. This method of attack is called a SIM-swap, or sim-jacking, attack, and it allows a hacker to gain control over a victim’s mobile phone number, which is later used to access their social media, bank, and other accounts.

The Ethereum co-founder noted that the lesson he learned was that a phone number was sufficient for malicious actors to reset his X account, even when it's not used for two-factor authentication (2FA). While he did not remember when he “added the number”, Buterin believes it was required by X when he was signing up for Twitter Blue.

Buterin’s X account was compromised by a scammer on 9 September, and used to promote a fake commemorative NFT giveaway that included a malicious link. Once users clicked on the link, they were transported to a malicious website designed to siphon funds from their wallets by interacting with the popular Drainer software. Close to $700,000 in user crypto assets were lost using this phishing scam.

This is not the first time T-Mobile was involved in this type of attack, with the telecoms giant becoming a target of a lawsuit for enabling the theft of $8.7 million worth of crypto in 2020. The company was sued once again in 2021, when a customer lost $450,000 in Bitcoin in another SIM-swap attack.
