Ethereum (ETH) creator Vitalik Buterin says that hackers used a SIM-swap scam to take over his account on the social media platform X to commit theft.
In a new post on the decentralized social network Farcaster, Buterin says that whoever committed the offense took over his T-Mobile phone number.
“Finally got back my T-Mobile account (yes, it was a SIM-swap, meaning that someone socially engineered T-Mobile itself to take over my phone number).”
SIM swapping happens when scammers contact a mobile phone carrier and trick it into activating the target’s phone number on a SIM card that they have. Once the SIM card is activated, they attempt to use it to intercept two-factor authentication (2FA) codes for the person’s accounts.
After taking over Buterin’s X (previously known as Twitter) account, the fraudsters promoted a non-fungible token (NFT) scam and reportedly made off with $691,000.
Says Buterin,
“Main learning regarding Twitter was:
A phone number is sufficient to password reset a Twitter account even if not used as 2FA.
Can completely remove phone from Twitter.
I had seen the ‘phone numbers are insecure, don’t authenticate with them’ advice before, but did not realize this. I don’t remember when I *added* the number; my guess is that it was required to sign up for Twitter blue.”
He also says he’s happy to be using Farcaster because his account recovery can be controlled by an Ethereum address.
Farcaster co-founder Dan Romero welcomed Buterin to his platform last year.