Ethereum co-founder Vitalik Buterin has shared with the crypto community details of the recent hack of his X account. Via a post on the decentralized social media platform, Farcaster, on September 12, Buterin confirmed he had lost his X account to hackers via a SIM swap attack.
Vitalik Buterin Confirms SIM Swap Hack Was Behind $691,000 Theft
On September 9, hackers took over Vitalik’s Buterin X account and posted a link announcing the launch of fake commemorative non-fungible tokens (NFTs) from software company Consensys.
Using this link, the bad actors stole $691,000 worth of assets from some of Vitalik’s 4.9 million followers who had connected their wallets to mint the supposed commemorative NFTs.
Update: $691k drained (another 33% in drainer fee address) pic.twitter.com/AVIShqDlMU
— ZachXBT (@zachxbt) September 9, 2023
Interestingly, an X user with the handle Satoshi_767 stated that the exploit appeared as a SIM swap attack. This kind of hack occurs when hackers control a target’s mobile phone number, using it to access their social media accounts, bank accounts, crypto wallets, etc.
However, this theory was disputed by on-chain investigator ZachXBT, who claimed Buterin’s prominence in the crypto community exposes the Ethereum co-founder to all sorts of attacks.
Three days later, Vitalik Buterin took to Farcaster, confirming the hack was due to a SIM swap attack. However, he has now recovered access to his SIM account. Buterin said:
Finally got back my T-mobile account (yes, it was a sim swap, meaning that someone socially-engineered T-mobile itself to take over my phone number).
In addition, the Ethereum co-founder advised users to remove their phone number from X, as it was “sufficient” to enable a password change, thus nullifying the two-factor authentication (2FA) protection system.
SIM Swap Attacks Remain On The Rise
The recent attack on Vitalik Buterin only adds to the increasing list of SIM swap attacks in the last few months against crypto investors and founders.
In August, Bitcoinist reported that Bart Stephens, co-founder of Blockchain Capital, a venture capital firm, lost over $6.3 million worth of assets in a SIM swap hack.
Meanwhile, the Gutter Cat Gang NFT project also lost control of their X account to a SIM swap hack in July, leading to the loss of $765,000 worth of NFTs by the project’s user community.
Zach XBT recently posted on X that over $13.3 million have been lost to 54 SIM swaps in the last four months to emphasize how rampant these attacks are.
The on-chain investigator also kicked against the 2FA authentication mechanism, urging crypto users to employ an authenticator app or security key system.