Ethereum co-founder Vitalik Buterin has recently regained control of his T-Mobile account and confirmed that a SIM-swap attack led to the recent hack of his X account.
Buterin revealed details of the incident on the decentralized social media network, Farcaster, on September 12. He explained how the hacker managed to gain control over his mobile number through a SIM-swap attack—an increasingly common cybercrime technique.
The hacker subsequently gained access to his X account, exploiting the fact that a phone number can reset a Twitter password even if it’s not used for two-factor authentication (2FA).
The Ethereum co-founder shared his experience and lessons learned from the incident. He highlighted the vulnerability associated with linking a phone number to an X account and advised users to remove their phone numbers from their X accounts completely.
The incident, which transpired on September 9, saw the scammers taking control of Buterin’s account to post a fraudulent NFT giveaway that lured users into clicking a malicious link. This scheme led to a collective loss of over $691,000 for the victims who fell for the scam.
This is not an isolated case of T-Mobile being involved in SIM-swap attacks. The telecom giant faced legal action in 2020 and 2021 for allegedly facilitating the theft of millions in cryptocurrency through similar attacks.