Vitalik Buterin has addressed a recent security breach that gave attackers unauthorized access to his account on X, formerly known as Twitter.
This incident has once again sparked discussions on the importance of robust cybersecurity measures.
Hackers managed to infiltrate Buterin’s X account, posting phishing links in an attempt to scam his followers. The scheme involved a deceptive “commemorative” non-fungible token (NFT) strategy, resulting in the theft of multiple NFTs, as reported on social media.
The hacking incident elicited a wide range of reactions online, from humorous memes to serious discussions about the vulnerability of even tech-savvy individuals to cyber threats.
Initially, there was speculation that the hackers had exploited a SIM swap vulnerability to gain access to Buterin’s account.
Buterin has since regained control of his T-Mobile account and provided clarity on the situation via his X account. He confirmed that the hacking was indeed the result of a SIM swap attack, wherein the perpetrators “socially engineered” T-Mobile to gain access to his phone number.
Highlighting a critical lesson from the incident, Buterin emphasized the risk of using phone numbers as an authentication method.
He pointed out that even if a phone number isn’t used for two-factor authentication (2FA), it can still be exploited for password resetting on platforms like X.
In hindsight, Buterin acknowledged that he had received advice against using phone numbers for authentication but had not heeded the warning until this incident.
In response to the hack, Buterin has taken steps to enhance his security measures. He has moved to Farcaster, a platform where account recovery is linked to Ethereum addresses, providing an added layer of security.