The exploit was used to post a fake NFT giveaway luring users to click on a malicious link that subsequently resulted in over $800,000 in losses.

Ethereum co-founder Vitalik Buterin confirmed that the recent hack of his X account (formerly Twitter) was the result of a SIM-swap attack.

Sharing the entire ordeal in a post on the decentralized social network Farcaster, Buterin revealed that the attack was executed through a SIM swap, meaning that scammers had successfully socially engineered T-Mobile to gain control of his phone number.

One of the key takeaways from Buterin’s experience was the vulnerability of Twitter’s account recovery system. He emphasized that even if a phone number is not used as a two-factor authentication (2FA) method, it can still be leveraged to reset a Twitter account’s password.

“Finally got back my T-Mobile account (yes, it was a sim swap, meaning that someone socially engineered T-Mobile itself to take over my phone number).”

This revelation also underscores the security risks associated with relying on phone numbers for authentication despite prior advice cautioning against it.

Buterin also admitted that he had come across advice discouraging the use of phone numbers for authentication in the past, but it wasn’t until now that he fully comprehended the seriousness of the matter.
