Vitalik Buterin Regains Control of X Account, Unveils Important Lesson About the Hack

Ethereum co-founder Vitalik Buterin has acknowledged that the recent breach of his X account was the outcome of a SIM-swap assault.

Speaking on the decentralized social media platform Farcaster on September 12th, Buterin revealed that he has successfully reclaimed his T-Mobile account after the hacker gained control of it through a SIM-swap maneuver.

In his own words, he stated, "Yes, it was a SIM swap, which means that an individual manipulated T-Mobile itself to gain control of my phone number."

Buterin went on to share some insights and takeaways from his encounter with this incident. He emphasized that a phone number alone is enough to reset the password for an X account, even if it's not used for two-factor authentication (2FA). He further advised users to completely eliminate their phone numbers from their X accounts.

In fact, on September 9, Buterin's X account fell into the hands of scammers who posted a fraudulent NFT giveaway, enticing users to click on a malicious link, resulting in a collective loss of over $691,000 for the victims.

On September 10, Ethereum developer Tim Beiko strongly recommended removing phone numbers from X accounts and enabling 2FA. Beiko suggested that it should be a default feature, possibly activating automatically when an account surpasses a certain follower count, as he conveyed this to platform owner Elon Musk.

It is worth noting that a SIM-swap or simjacking attack is a method employed by hackers to take control of a victim's mobile phone number, allowing scammers to utilize two-factor authentication (2FA) to access social media, banking, and cryptocurrency accounts.

This isn't the first instance where T-Mobile has been implicated in such an attack vector, according to Cointelegraph. In 2020, the telecommunications giant faced legal action for allegedly facilitating the theft of $8.7 million in cryptocurrency through a series of SIM-swap attacks. T-Mobile also faced another lawsuit in February 2021 when a customer lost $450,000 in Bitcoin due to another SIM-swap attack.