Ethereum co-founder Vitalik Buterin has confirmed that the recent hack of his X (Twitter) account was the result of a SIM-swap attack.
Speaking on the decentralized social media network Farcaster on Sept. 12, Buterin said that he has finally recovered his T-Mobile account after the hacker managed to gain control of it via a SIM-swap attack.
“Sure, it was a SIM swap, which means that somebody socially-engineered T-mobile itself to take over my phone number.”
The Ethereum co-founder added some lessons and learnings from his experience with X.
“A phone number is sufficient to password reset a Twitter account even if not used as 2FA,” he said before adding that users can “completely remove phone from Twitter.”
“I had seen the ‘phone numbers are insecure, do not authenticate with them’ recommendation before, but didn’t realize this.”
On Sept. 9, Buterin’s X account was taken over by scammers who posted a fake NFT giveaway prompting users to click on a malicious link, which resulted in victims collectively losing over $691,000.
A SIM-swap or simjacking attack is a technique used by hackers to gain control of a victim’s mobile phone number. With control of the number, scammers can use two-factor authentication (2FA) to access social media, bank, and crypto accounts.
It’s not the first time T-Mobile has been involved in this type of attack vector. In 2020, the telecoms giant was sued for allegedly enabling the theft of $8.7 million worth of crypto in a series of SIM-swap attacks.