Home / News / Crypto / News / How Ethereum’s Vitalik Buterin Got Hacked and the Damage Done
News
5 min read

How Ethereum’s Vitalik Buterin Got Hacked and the Damage Done

Published September 12, 2023 11:50 AM
Teuta Franjkovic
Published September 12, 2023 11:50 AM
Key Takeaways
  • Vitalik Buterin said that a SIM swap assault was the cause of the hack of his X account.
  • The incident occurred on September 9 and resulted from con artists advertising a false NFT giveaway, which cost victims more than $690,000.
  • Buterin stressed the value of Twitter account security and the advantages of decentralized social platforms for security.

Vitalik Buterin, a co-founder of Ethereum, has verified that a SIM-swap assault was the cause of his hacked X (Twitter) account.

Switch the Phone Number Immediately

On September 12, Buterin said  that he had finally regained control of his T-Mobile account after the hacker had succeeded in taking over the account through a SIM swap attack.

He announced the decentralized social media network Farcaster.

Vitalik explains sim swap attack
Credit: Farcaster

He said, “A phone number is sufficient to password reset a Twitter account even if not used as 2FA,” noting that users may “completely remove [a] phone from Twitter.”

“I had seen the ‘phone numbers are insecure, don’t authenticate with them’ advice before, but I did not realize this.”

A false NFT giveaway  was made on Buterin’s X account on September 9 by scammers, who tricked users into clicking a dangerous link, causing them to lose over $691,000 as a result.

On September 10, Ethereum engineer Tim Beiko strongly advised turning on 2FA and eliminating phone numbers from X accounts. He told the platform’s owner, Elon Musk, “Seems like a no-brainer to have this default on, or to default turn it on when an account reaches, say, >10k followers.”

Using a SIM-swap or simjacking assault, hackers can take over a victim’s mobile phone number. Scammers can utilize two-factor authentication (2FA) to access social media, bank, and cryptocurrency accounts if they have possession of the number.

The Buterin family has been hacked on Twitter previously.

Natalia Ameline, Vitalik’s mother, was involved in a Twitter scam  in August of this year. Ameline oversees investor relations and general DAC operations for Metis, an Ethereum layer-2 scaling solution. On Twitter, the project was hijacked and used to send fraudulent links that allowed some followers’ wallets to be stolen.

Cyber Threats Lurking at Every Turn

The use of this attack vector by T-Mobile has occurred previously. The telecom corporation was sued in 2020  for allegedly allowing a series of SIM-swap hacks that resulted in the theft of $8.7 million worth of cryptocurrency.

In February 2021, a client who had suffered a second SIM-swap attack and lost $450,000 in Bitcoin sued T-Mobile  again and in July, T-Mobile was again being sued  over claims that it did not take adequate precautions to prevent a SIM switch scam that cost one client $55,000 in lost Bitcoin.

SIM-swap attacks increased in 2022, according to the Federal Bureau of Investigations . Over $72 million in losses were caused by this attack vector, an increase of $4 million from the previous year. The heart of the hack attack is when a perpetrator fools cellular service representatives, obtains crucial personal information and then redirects a victim’s mobile number to their device.

Feds Want $5.2 Million in Bitcoin Stolen in Sim Swap

Last week, a federal judge approved  an order, requiring Ahmad Wagaafe Hared to hand over $5.2 million in Bitcoin that he stole back in 2016. Hared and two accomplices devised a SIM-swapping operation between 2016 and 2018 that resulted in the theft of the automobile and the Bitcoin.

Millions of dollars’ worth of Bitcoin that were taken from crypto industry executives four years ago by a teen hacker are now being seized by the U.S. Department of Justice. The sports automobile he purchased with the stolen Bitcoin is also being sought after by the prosecution.

In 2016, Harred, who was 18 at the time and was a resident of Tucson, Arizona, collaborated with Nevada-based co-conspirator Matthew Gene Ditman to deceive customer service agents of cell phone companies into divulging information about the SIM cards linked to the accounts of cryptocurrency executives in northern California.

2019 saw the end of the scam after the FBI tracked down Harred and Ditman and apprehended them. The two have not yet received sentences.

Crypto Executive Faces $6.3 Million Loss in Audacious SIM-Swap Attack

Bart Stephens, a pioneer in the cryptocurrency sector and managing partner of Blockchain Capital, filed a lawsuit  against an unnamed bad guy last month. Stephens claimed he was the victim of a SIM-swap attack that resulted in a $6.3 million cryptocurrency hack.

This lawsuit served as yet another somber reminder of the ongoing cyber risks  that prominent crypto advocates must deal with.

In the official complaint, the hacker, who goes by the alias Jane Doe, planned a complex SIM-swap attack against Stephens on May 14.

The criminal was able to bypass security measures with Stephens’ cell service provider by using data obtained from the dark web and other online sources. Finally, Stephens’ cell phone number was forwarded to a new device by the hacker.

After the successful SIM switch, the hacker wasted no time in moving on.

By using Stephens’ mobile number as a backdoor, they were able to reset the passwords for numerous crypto wallets by getting over two-factor authentication restrictions. The hacker boldly transferred $6.3 million in digital assets from these to individual cryptocurrency vaults.

Cryptocurrency owners and the general public must exercise caution in a climate where cyber heists, particularly SIM-swap assaults, are on the rise.

One can combat such malevolent activities by adhering to FBI suggestions , such as avoiding oversharing financial details online and using strong multi-factor authentication techniques.

Was this Article helpful? Yes No