Ethereum co-founder Vitalik Buterin has revealed that his X account was hacked through a SIM-swap attack, a technique that allows hackers to take over a victim’s phone number and use it to access their online accounts.
Buterin confirmed the attack on Warpcast, a decentralized social media network, on Sept. 12. He said that he has regained control of his T-Mobile account, which was used by the hacker to reset his X password and post a fake NFT giveaway scam.
The scam, which occurred on Sept. 9, lured users into clicking a malicious link that promised to send them free NFTs from Buterin. However, the link led to a phishing website that stole their private keys and drained their crypto wallets. According to Warpcast, the scam resulted in losses of over $691,000.
Buterin shared some lessons he learned from the incident and advised users to avoid using phone numbers as an authentication method. He said that phone numbers are insecure and can be easily compromised by social engineering attacks. He also suggested users remove their phone numbers from X and other platforms that support 2FA.
SIM Swap Attacks are Becoming Increasingly Common
This is not the first time that T-Mobile has been involved in SIM-swap attacks. In 2020, the telecom company was sued for allegedly enabling the theft of $8.7 million worth of crypto from several customers who were targeted by SIM-swappers.
SIM-swap attacks are becoming more common and sophisticated as hackers exploit the vulnerabilities of mobile carriers and online services. Users are advised to use more secure methods of authentication, such as hardware wallets, biometrics, or authenticator apps.
A SIM-swap, also known as simjacking, is a method employed by cybercriminals to seize a user’s mobile phone number. Once they have control over the phone number, they can manipulate two-factor authentication (2FA) to gain unauthorized access to the victim’s social media, banking, and cryptocurrency accounts.