Vitalik Buterin, the co-founder of Ethereum, recently disclosed that his X (Twitter) account breach was a result of a SIM-swap attack. In a detailed account of the incident shared on Farcaster, a decentralized social media platform, Buterin explained how his phone number was compromised through manipulation of T-Mobile, his telecommunications service provider.
The SIM-swap attack employed a sophisticated social engineering approach, which enabled the hacker to reset Buterin’s X account password, bypassing the need for two-factor authentication (2FA).
Buterin has since regained control of his T-Mobile account and issued a warning to users, advising them to reconsider linking their phone numbers to their X (Twitter) accounts to bolster security.
He admitted that while he had previously received recommendations against using phone numbers for authentication, he didn’t fully comprehend the severity of the issue until this incident.
The breach occurred on September 9, when the attacker, who had gained access to Buterin’s X account, organized a fraudulent non-fungible token (NFT) giveaway. Unsuspecting users were enticed to click on a malicious link, resulting in substantial losses totaling over $691,000.
SIM-swap attacks, also known as sim jacking, are increasingly common tactics employed by cybercriminals to hijack mobile phone numbers. Once in control of a phone number, attackers can circumvent 2FA security measures, gaining unauthorized access to social media, banking, and cryptocurrency accounts.
This incident serves as a stark reminder of the vulnerabilities associated with phone number-based authentication and the need for heightened security awareness in the cryptocurrency and social media space. Users are encouraged to explore alternative authentication methods, ones that do not depend on control of a phone number, to protect their online accounts from such attacks.