Vitalik Buterin’s Twitter Hacked in SIM-Swap Attack
Vitalik Buterin, co-founder of Ethereum, has confirmed that his Twitter account was compromised through a SIM-swap attack, and has shared some lessons and insights from his experience with X.
Buterin announced on September 12 via the decentralized social media network Farcaster that he had regained control of his T-Mobile account following a SIM-swap attack by a hacker.
“A phone number is sufficient to reset a Twitter account’s password, even if it is not used as 2FA,” he said, adding that users can “completely remove [a] phone from Twitter.”
On September 9, fraudsters hacked Buterin’s X account and posted a fake NFT giveaway that enticed users to open a malicious link, resulting in victims losing over $691,000 collectively.
On September 10, Tim Beiko, an Ethereum developer, strongly recommended removing phone numbers from X accounts and enabling 2FA.
“It seems like a no-brainer to have this enabled by default, or to turn it on by default when an account reaches, say, >10,000 followers,” he told platform owner Elon Musk.
A SIM-swap or SIM-jacking attack is a method employed by cybercriminals to obtain control of a victim’s mobile phone number.
If they control the number, scammers can receive the two-factor authentication (2FA) codes sent to it and use them to access social media, banking, and cryptocurrency accounts.
This is not the first time that T-Mobile has been the target of this form of attack. The telecoms behemoth was sued in 2020 for allegedly facilitating the theft of $8.7 million worth of cryptocurrency in a series of SIM-swap attacks.
In February 2021, T-Mobile was sued again after a customer lost $450,000 in Bitcoin in another SIM-swap attack.