Coinspeaker
Vitalik Buterin Says SIM Swap Caused X Account Hack
Ethereum co-founder Vitalik Buterin has recently shed light on the cause behind the security breach of his X (Twitter) account. In a shocking revelation, Buterin attributed the exploit to a SIM-swap attack, a form of cybercrime that has become increasingly prevalent in the digital age.
Buterin, a prominent figure in the crypto industry, shared the details of the attack while speaking on the decentralized social media platform Farcaster on September 12.
For clarity, a SIM swap attack, or sim jacking, is a technique hackers use to gain control over a victim’s mobile phone number. Once they gain control of the phone number, these malicious actors can exploit two-factor authentication (2FA) to access social media, financial, and crypto accounts illicitly.
Speaking about the SIM swap, Buterin explained that the attacker had skillfully manipulated T-Mobile, a major mobile service provider, to facilitate the takeover of his phone number. Despite the sophistication of the attack, he managed to regain control of his T-Mobile account after the hacker had already exploited his X account.
“Finally got back my T-Mobile account (yes, it was a sim swap, meaning that someone socially engineered T-Mobile itself to take over my phone number).”
Hackers Managed to Steal $691,000 in Cryptocurrencies
The breach of Buterin’s X account occurred on September 9 when scammers gained access to the page with thousands of followers, posting a malicious phishing link, which, when clicked, provided them access to individuals’ wallets, leading to substantial financial losses.
Blockchain analyst ZachXBT, upon investigating the incident, revealed that a staggering sum of $691,000 had been drained from victims’ wallets in the aftermath of the security breach. Notably, a significant portion of this amount, approximately 73%, consisted of non-fungible tokens (NFTs).
In response to the security breach, another Ethereum developer, Tim Beiko, strongly recommended that users remove their phone numbers from X accounts and enable 2FA as a security measure. He suggested enabling 2FA should be the default setting, especially for accounts with a substantial following, proposing activation when an account surpasses a specific follower threshold.
Not the First Simswap Attack Involving T-Mobile
While this incident has shed light on the vulnerabilities associated with phone numbers in the authentication process, it has also drawn attention to the broader issue of mobile service providers’ susceptibility to SIM swap attacks.
Although T-Mobile was the target in this case, it is not the first time the company has faced such allegations. In 2020, the company was sued over accusations of enabling the theft of $8.7 million in cryptocurrencies through a series of SIM swap attacks.
A year later, the company was sued in February 2021 after a customer lost $450,000 in Bitcoin (BTC) due to another SIM swap attack.