Vitalik Buterin has shared details of how hackers managed to take over his Twitter account and steal $691,000 from his followers last week.
In a post on decentralized social network Farcaster, the co-founder told followers that hackers had used a SIM swap attack to spoof Twitter into resetting his Twitter password, giving them access to his account and his 4.9 million followers.
“It was a SIM swap, meaning that someone socially-engineered T-Mobile itself to take over my phone number,” said Buterin.
Buterin said that the hack was made easier because the social network, known as X following Elon Musk’s takeover last year, uses a phone number to recover an account. “A phone number is sufficient to password reset a Twitter account even if not used as 2FA,” he said, adding that users can “completely remove [a] phone from Twitter.”
Buterin said he didn’t remember specifically adding his phone number, speculating that it may have been a required piece of data to join X’s Twitter Blue verification program.
He then commented on Farcaster’s enhanced security, and its use of Ethereum addresses as a better way to prevent accounts being compromised.
“Glad to be a farcaster, where my account recovery can be controlled by a good wholesome ethereum address :)” Buterin said.
The $691,000 NFT spam attack
The exploit, which took place on September 9, was used to post a fake NFT giveaway prompting users to click on a malicious link that resulted in those victims collectively losing more than $691,000.
Crypto Twitter users were quick to raise the alarm about the fake link, but the first apparent acknowledgment that Buterin was hacked came from his father, Dmitriy “Dima” Buterin.
This is not the first time the Buterin family has fallen victim to Twitter hackers.
In August this year, Vitalik’s mother Natalia Ameline was caught up in a Twitter exploit. Ameline is General DAC Manager and the Head of Investor Relations for Metis, a layer-2 scaling solution for Ethereum. The project was hacked on Twitter and used to post malicious links that led to some followers’ wallets being compromised.