- After briefly losing his account to hackers, Vitalik Buterin regains control over his X account, and shares safety tips to his followers.
- A key figure at Ethereum, shares information relevant for crypto use to avoid losing their crypto assets.
The co-founder of Ethereum, Vitalik Buterin, has regained access to his X account, not long after he was hacked. Buterin’s X (Twitter) account was hacked after he lost access to his T-Mobile account. Hackers took over Buterin’s account on the 9th of September and posted a fake NFT giveaway on his X account. The giveaway came with a suspicious link, that caused unsuspecting X users to collectively lose more than $691,000.
The Ethereum boss has now revealed that a SIM-swap attack took place earlier. This made it easy for Buterin’s X account to be hacked and tampered with for a brief period.
Updating the public on the sustain of things, Buterin said the following;
“Finally got back my T-Mobile account. Yes, it was a SIM swap, meaning that someone socially-engineered T-mobile itself to take over my phone number.”
Buterin shared some key patterns to look out for while breaking down the entire experience. He explained that a phone number is enough information needed for a hacker to gain access to a twitter account, even if it’s not used as a 2FA. He went on to explain that users can also completely remove [a]phone from Twitter.
It also appears that he had seen the ‘phone numbers are insecure, don’t authenticate with them’ advice, before the hack, but failed to realize it on time.
Ethereum’s Protocol Support personnel share safety information
Sim-swapping is a form of hacking that can also affect cryptocurrency users, who are at risk of being targeted by different kinds of scammers. Once a hacker gains access to a user’s account, a 2FA can be used to steal their cryptocurrency accounts.
Following the event, Tim Beiko, an Ethereum protocol support personnel, laid down steps that could help users contain or bypass potential hacks.
Beiko warns users against using phone numbers linked to a specific account, as they can be used to reset passwords. Users can either disable or scalp out these numbers to prevent security breaches.
“Twitter opsec PSA: If you have a phone number linked on your account, even with other 2FA, it can be used to reset your PW. Need to specifically disable it + remove phone #. If your Twitter account pre-dates crypto, strongly recommend double-checking, and adding strong 2FA!” He wrote in a post.
Tim Beiko also went on to urge Elon Musk, the current CEO of Twitter, to consider making it possible for X users to be able to remove phone numbers from their accounts while being able to enable 2FA by default.
“Elon Musk seems like a no-brainer to have this default on, or to default turn it on when an account reaches, say, >10k followers.” He wrote in a follow-up post.
