Vitalik Buterin, the co-founder of Ethereum, recently disclosed the hacking of his X account.
He made this revelation on Farcaster, a decentralized social media platform, on September 12th, stating that he fell victim to a SIM swap attack.
Details of the $691,000 Heist
On September 9th, malefactors gained control over Buterin's X account, promoting a fraudulent link that claimed to introduce commemorative non-fungible tokens (NFTs) by software giant Consensys.
This deceptive link led to the theft of $691,000 in assets from several of Buterin's 4.9 million followers who believed they were acquiring genuine commemorative NFTs.
An X user, Satoshi_767, suggested that the breach was the result of a SIM swap attack, a method in which hackers seize a victim's mobile number to gain unauthorized access to various accounts.
However, this hypothesis faced skepticism from ZachXBT, an on-chain detective, who believed that Buterin's stature in the crypto realm made him susceptible to diverse attack vectors.
Buterin later confirmed on Farcaster that the breach was indeed a SIM swap attack and that he had regained control of his T-Mobile account.
Buterin also cautioned users to unlink their phone numbers from X, emphasizing that phone numbers alone could facilitate password resets, thereby bypassing two-factor authentication (2FA) safeguards.
Rising Trend of SIM Swap Attacks
Buterin's ordeal is a testament to the escalating number of SIM swap attacks targeting crypto enthusiasts and industry leaders. In a similar incident in August, Bart Stephens, the co-founder of Blockchain Capital, lost assets worth over $6.3 million due to a SIM swap attack. The Gutter Cat Gang NFT initiative also suffered a setback in July when it lost control of its X account, resulting in a loss of NFTs valued at $765,000.
ZachXBT highlighted the severity of the issue, noting that in the past four months, a staggering $13.3 million was lost in 54 separate SIM swap attacks. He also criticized the 2FA system, advocating for the adoption of authenticator apps or security key mechanisms.