Vitalik Buterin, a computer programmer who co-founded the popular cryptocurrency Ethereum, is clearing the air after his account on Twitter (now known as X) was hacked this weekend. The hack involved a post touting a commemorative NFT that was actually a cryptocurrency wallet drainer.
“Finally got back my T-mobile account (yes, it was a sim swap, meaning that someone socially-engineered T-mobile itself to take over my phone number),” Buterin wrote. “Main learning re twitter was: > A phone number is sufficient to password reset a Twitter account even if not used as 2FA. Can completely remove phone from Twitter.”
Buterin revealed that a SIM swap attack was the method for the hack in a post on the decentralized social media platform Farcast, as reported by Decrypt. The outlet says that the swap allowed the hackers to take over Buterin’s Twitter account by manually resetting his password using his phone as well as using the number to bypass the platform’s two-factor authentication. The Ethereum co-founder boasts a big 4.9 million followers on the platform, and the hack resulted in an estimated $US650,000 worth of NFTs being stolen from unsuspecting victims.
This weekend, the hackers took control of Buterin’s account to post a phony link to a limited edition NFT, which was advertised to commemorate the release of proto-danksharding for Ethereum. Proto-danksharding is an upcoming update to the cryptocurrency’s digital infrastructure, which developer Mario Havel told Decrypt was in its last stages of development before release, seemingly in the next few months. The new update will use so-called “data blobs,” allowing the Ethereum network to expand and handle up to 100,000 daily transactions.
“To celebrate the Proto-Darksharding coming to Ethereum, @Consensys is marking the moment with a commemorative NFT. ‘Proto honors the work of the devs who made this possible. The collection is free for the next 24 hours,” the alleged hackers posted on Buterin’s account, followed by a link to a webpage where users were encouraged to claim the NFT. The tweet was posted and subsequently removed over the course of 20 minutes.