Vitalik Buterin, the renowned creator of Ethereum (ETH), recently found himself a victim of a SIM-swap attack that compromised his account on the social media platform X (formerly known as Twitter). In a detailed post on the decentralized social network Farcaster, Buterin revealed the concerning incident and its aftermath.
The attack on Buterin’s accounts began with the perpetrator taking control of his T-Mobile phone number through a SIM-swap scheme. In such scams, fraudsters manipulate mobile phone carriers into activating the target’s phone number on a SIM card under their control. Once they control the number, they attempt to intercept two-factor authentication (2FA) codes sent to it, which gives them access to the victim’s accounts.
Having successfully commandeered Buterin’s X account, the hackers used it to promote a non-fungible token (NFT) scam, ultimately making off with a staggering $691,000. Buterin’s ordeal highlighted the vulnerabilities associated with using phone numbers for account recovery and security.
Buterin shared some valuable insights from the experience, notably emphasizing the following:
1. A phone number alone can be sufficient to reset a Twitter (X) account password, even if it’s not used as 2FA.
2. It’s possible to completely remove a phone number from a Twitter account.
Buterin acknowledged that he had previously encountered advice warning against relying on phone numbers for authentication but hadn’t fully grasped the implications until now. He speculated that his phone number might have been required during the sign-up process for Twitter Blue, a premium subscription service.
One noteworthy aspect of Buterin’s response to this security breach is his shift to using Farcaster, a decentralized social network. Farcaster offers more robust account recovery options tied to Ethereum addresses, providing users with greater control and security over their profiles.
Dan Romero, co-founder of Farcaster, had welcomed Buterin to the platform last year, and this incident serves as a practical example of why decentralized alternatives are gaining traction among individuals concerned about their online security.
Buterin’s experience underscores the ongoing challenges of cybersecurity in an increasingly digital world and serves as a reminder for individuals and organizations alike to continually assess and enhance their security practices to protect against evolving threats.