Vitalik Buterin Reveals X Account Hack Was Caused by SIM Swap Attack
Ethereum co-founder regained control of his T-Mobile account, confirming SIM swap attack led to his X account being hacked.
Ethereum co-founder Vitalik Buterin has confirmed that the recent hack of his X (Twitter) account was the result of a SIM swap attack.
Speaking on decentralized social network Farcaster on September 12, Buterin said he finally got his T-Mobile account back after the hacker managed to take control of it via a SIM swap attack.
"Yes, it was a SIM swap, which means that someone socially engineered T-Mobile itself to take over my phone number."
The co-founder of Ethereum added some lessons learned from his experience with X.
“A phone number is enough to reset the password of a Twitter account even if it is not used as 2FA,” he said, adding that users can “completely remove [a] phone from Twitter.”
“I had seen the advice ‘Phone numbers are not secure, don’t authenticate with them’ before, but didn’t realize it.”
On September 9, Buterin's X account was hacked by scammers who posted a fake NFT giveaway directing users to click on a malicious link, causing victims to collectively lose more than $691,000.
On September 10, Ethereum developer Tim Beiko strongly recommended removing phone numbers from X accounts and enabling 2FA. “It seems obvious to enable this option by default, or to enable it by default when an account reaches, say, > 10,000 followers,” he told platform owner Elon Musk.
PSA opsec on Twitter:
If you have a phone number linked to your account, even with other 2FA, it can be used to reset your password. Need to disable it specifically + remove phone number.
If your Twitter account is older...