Ethereum founder Vitalik Buterin's Twitter account was hacked, and two days later, he posted on a decentralized social platform confirming it was a SIM card swap attack. He also emphasized that he has implemented various security measures on his Twitter account and other apps.
Vitalik's Twitter Hack
Vitalik's Twitter account was compromised on September 10th. By sharing phishing links from it, the hacker made over $690,000 in profits, including cryptocurrencies and the CryptoPunk #3983 NFT. The hacker even sent some meme NFTs featuring Vitalik back to him in a satirical manner.
Vitalik: It Was a SIM Card Swap Attack
Vitalik posted his response on Warpcast, the user-side platform of the decentralized social protocol Farcaster. He explained that it was a SIM card swap attack where someone took control of his phone number through social engineering.
A "SIM card swap attack," also known as SIM card swapping fraud, typically involves criminals collecting a target's personal information and then convincing telecom service personnel to transfer (copy) the target user's phone number to a SIM card controlled by the attacker. This effectively gives the attacker control over the user's phone number and can lead to unauthorized access to financial accounts and cryptocurrency wallets.
Questioning the Security of Phone Numbers
Regarding the Twitter hack, Vitalik learned that hackers didn't need 2FA (two-factor authentication) and could reset Twitter passwords directly through the phone number. They could also remove the previously registered number from Twitter.
Vitalik mentioned that he had heard advice about the insecurity of phone numbers and not relying on them for verification, but he didn't take it seriously. He also couldn't remember when he added this phone number to Twitter, speculating that it might have been for registering Twitter Blue.
In conclusion, he expressed his happiness at the opportunity to join the Farcaster platform, where account recovery mechanisms are tied to secure Ethereum addresses. He emphasized that he has implemented various security enhancements on his Twitter account and other apps.