Ethereum co-founder Vitalik Buterin has confirmed that the recent hack of his X (Twitter) account was the result of a SIM-swap attack.
Speaking on the decentralized social media network Farcaster on Sept. 12, Buterin said that he has finally recovered his T-Mobile account after the hacker managed to gain control of it by way of a SIM-swap attack.
“Sure, it was a SIM swap, which means that somebody socially-engineered T-mobile itself to take over my telephone number.”
The Ethereum co-founder added some lessons and learnings from his experience with X.
“A telephone number is ample to password reset a Twitter account even when not used as 2FA,” he said, before adding that users can “utterly take away telephone from Twitter.”
“I had seen the ‘telephone numbers are insecure, do not authenticate with them’ recommendation before, but didn’t notice this.”
On Sept. 9, Buterin’s X account was taken over by scammers who posted a fake NFT giveaway prompting users to click on a malicious link, which resulted in victims collectively losing over $691,000.
A SIM-swap or simjacking attack is a technique used by hackers to gain control of a victim’s mobile phone number. With control of the number, scammers can use two-factor authentication (2FA) to access social media, bank, and crypto accounts.
It isn’t the first time T-Mobile has been involved in this kind of attack vector. In 2020, the telecoms giant was sued for allegedly enabling the theft of $8.7 million worth of crypto in a series of SIM-swap attacks.