Vitalik Buterin suffers sim-swap hack, exposing Twitter Blue account security vulnerability

Buterin said he did not know the phone number enough to reset the password for the Twitter account.

According to a September 11 post on Warpcast, Ethereum co-founder Vitalik Buterin confirmed that his X (formerly Twitter) account was compromised in a sim swap attack.

A SIM-swap attack is a scheme that exploits vulnerabilities in specific two-factor authentication methods, where a phone call or text message is used as the second authentication step. This method allows attackers to access a victim's text messages, emails, contact lists, bank accounts, social media profiles, and other sensitive and private data.

Buterin explained that he did not know whether a phone number would be enough to reset a Twitter account’s password, even if not used as two-factor authentication.

He added: "Even if not used as 2FA, a phone number is sufficient to reset a Twitter account's password. The phone can be removed from Twitter entirely. I've seen the "phone number is not secure, don't use it for authentication" advice before but didn't realise this."

According to him, he may have added his mobile number to the social media platform while signing up for Twitter Blue, a subscription service that allows users to access premium app features and exclusive benefits such as extended reach, priority tweets, and other features on the X app.

Meanwhile, Buterin expressed his happiness about joining Farcaster, a decentralized social media protocol that allows users to restore their accounts via Ethereum addresses. Warpcast is built on this protocol.

Buterin did not provide further information on whether he would return to X.

On September 9, Buterin’s X account was used to promote a phishing link that stole digital assets, an incident that resulted in a loss of approximately $700,000, including non-fungible tokens (NFTs) in wallets that interacted with it.

Following the hack, Binance CEO Changpeng Zhao urged the cryptocurrency community to be careful when reading social media posts and suggested that the platform introduce more security features.

He added: "Twitter's account security was not designed as a financial platform. It needs more features: 2FA, login ID should be different from username or email, etc." #安全漏洞  #黑客攻击