A $690,000 mistake: Vitalik Buterin comments on the hacking of his Twitter account

Carding

The co-founder of Ethereum learned about the shortcomings of authentication from his own experience.

Ethereum co-founder Vitalik Buterin said that his account on the social network X was hacked using the "SIM swap" method.

The incident occurred on September 9: a post appeared on Buterin's account offering "memorable NFTs" for free. Users who clicked on the link and connected their crypto wallets lost all their digital assets. As a result of the attack, $690,000 in cryptocurrency was stolen.

A little later, Buterin confirmed the attack in a statement on Warpcast, a platform of the decentralized social network Farcaster: "Yes, it was a SIM card replacement, that is, someone using social engineering took possession of my phone number."

Buterin noted that a phone number alone is enough to reset the password on Twitter, even if it is not linked as a second authentication factor (2FA). "I've already come across the advice 'phone numbers are not secure, don't authenticate with them', but I didn't know that was the case," he said.

The creator of Ethereum also added that he does not remember the moment when he linked his phone to Twitter. He suggests that this may have been necessary to subscribe to Twitter Blue, the paid version of the service.