Vitalik: Twitter hack was a "SIM card swap attack," has strengthened security measures on various apps


Two days after Ethereum founder Vitalik Buterin's Twitter account was hacked, he posted on a decentralized social media platform confirming that it was a SIM card swap attack and emphasized that he had taken various security measures for his Twitter account and other apps.

Vitalik's Twitter Hacked

Vitalik's Twitter account was hacked on September 10th, with the hacker posting phishing links and making over $690,000 in profits, including cryptocurrencies and NFTs like CryptoPunk #3983.

The hacker even sent some meme NFTs of Vitalik back to him, adding a touch of irony.

Vitalik: It's a SIM Card Swap Attack

Vitalik posted on Warpcast, a client for the decentralized social protocol Farcaster.

He pointed out that this was a SIM card swap attack, where someone took over his phone number through social engineering.

A "SIM card swap attack" is also known as SIM card fraud. Criminals typically gather personal information about a specific target and then deceive telecom service personnel into transferring the target's phone number to a SIM card they control, essentially gaining control of the user's phone number. They often target financial accounts and cryptocurrency wallets.


Security Concerns with Phone Numbers?

Regarding the Twitter hack, Vitalik learned that hackers could reset a Twitter password directly with a phone number, without needing two-factor authentication (2FA), and even delete the previously registered number.

Vitalik mentioned that he had heard advice that phone numbers are insecure and should not be used for verification, but he had not taken it seriously. He also could not remember when he had added the phone number to Twitter, and speculated that it might have been when signing up for Twitter Blue.


He concluded by saying he was happy to have joined Farcaster, where the account recovery mechanism uses secure Ethereum addresses, and emphasized that he has implemented various security measures for his Twitter account and other apps.