Vitalik Buterin, the co-founder of Ethereum, has recently addressed the security breach that led to unauthorized access to his account on X, formerly known as Twitter.
The incident, which saw phishing links posted to Buterin's X account, has reignited debates around cybersecurity measures.
Buterin's security fumble
As reported by U.Today, hackers gained unauthorized entry into Buterin's X account and posted phishing links, with the apparent goal of scamming his followers.
The malicious actors used a deceptive "commemorative" non-fungible token (NFT) scheme, leading to multiple NFTs being stolen, according to social media reports.
The hacking incident elicited a wide range of reactions online, from memes to serious discussions about the vulnerability of even tech-savvy individuals to cyber threats. Prior to Buterin's explanation, it was speculated that the hackers exploited a SIM swap vulnerability to gain access to his account.
SIM swaps and cyber traps
Buterin has since regained control of his T-Mobile account and clarified the situation via his X account. He confirmed that the hacking was due to a SIM swap attack, stating that someone "socially engineered" T-Mobile itself to gain access to his phone number.
Buterin also shared a cautionary note on the vulnerability of phone numbers as an authentication method. He mentioned that even if a phone number is not used for two-factor authentication (2FA), it can still be exploited to reset a password on X. In hindsight, Buterin acknowledged that he had been advised against using phone numbers for authentication but did not heed the warning until this incident.
The hack has prompted Buterin to transition to Farcaster, a platform where account recovery is tied to Ethereum addresses, thus offering enhanced security.
Buterin has moved to a more secure platform, but the incident serves as a cautionary tale for both public figures and average users in the crypto community.