A SIM-swap attack helped a hacker take over the Twitter account of Ethereum cofounder Vitalik Buterin in order to promote a malicious cryptocurrency scheme.
The hacker reportedly stole over $691,000 from victims who clicked a malicious link posted to Buterin's account, which provided the hacker with access to their digital wallets.
“Finally got back my T-mobile account (yes, it was a sim swap, meaning that someone socially-engineered T-mobile itself to take over my phone number),” Buterin wrote on the decentralized social network Warpcast.
A SIM swap often involves a criminal tricking your cellular provider into cloning your mobile phone number to a new SIM card, which can then be placed in their own phone. To pull this off, the criminal poses as the victim through identity theft, or in some cases, even pays off employees at the cellular provider.
Once the criminal controls the mobile phone number, they have a potential way into the victim’s online accounts, since many services rely on the phone number to restore access when a password is lost.
In Buterin’s case, the hacker targeted his Twitter account, which has over 4.9 million followers, many of them cryptocurrency fans. On Saturday, the hacker posted a link on Buterin’s account, claiming to promote a commemorative NFT when in reality it was a malicious link.
Buterin noted he wasn’t using his T-Mobile phone number to receive two-factor authentication codes to log into Twitter. Nevertheless, the phone number was still registered on the account, which paved the way for the hacker to break in.
“A phone number is sufficient to password reset a Twitter account even if not used as 2FA. Can completely remove phone from Twitter,” he
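The point in Buterin's quote above, that a registered phone number can be a password-reset path even when it is not the 2FA method, can be made concrete with a small model of account-recovery policy. The following is an added example written for this page; it is not code from the article, from Twitter, or from any carrier, and the two policies it defines (`PHONE_AS_RECOVERY` and `PHONE_REMOVED`) are constructed assumptions, not Twitter's actual rules. It treats each recovery path as a set of channels that must all be proven, then asks which paths an attacker holding only the SMS channel (what a SIM swap yields) can satisfy.

```python
# Added example: model account recovery as a set of alternative paths, where
# each path is the set of channels the service requires before it resets the
# password. The attacker wins if they control every channel in ANY one path.

def usable_recovery_paths(policy, attacker_controls):
    """Return the recovery paths an attacker can satisfy with the channels they hold."""
    held = frozenset(attacker_controls)
    return [path for path in policy if path <= held]


def single_point_channels(policy):
    """Channels whose compromise alone is enough to reset the password.

    A channel is a single point of failure if some recovery path requires
    nothing beyond that one channel.
    """
    channels = set().union(*policy)
    return {c for c in channels if any(path <= frozenset({c}) for path in policy)}


def sim_swap_takeover_possible(policy):
    """A SIM swap hands the attacker the victim's SMS channel and nothing else."""
    return bool(usable_recovery_paths(policy, {"sms"}))


# Constructed policies (assumptions for illustration, not any real service's rules).
# Weak: phone number kept on the account, so SMS alone can reset the password,
# even though the login 2FA is an authenticator app.
PHONE_AS_RECOVERY = [
    frozenset({"sms"}),
    frozenset({"email"}),
]

# Hardened: phone number removed from the account; recovery needs the mailbox
# AND the authenticator, so no single channel compromise is sufficient.
PHONE_REMOVED = [
    frozenset({"email", "totp"}),
]


if __name__ == "__main__":
    for name, policy in (("phone kept", PHONE_AS_RECOVERY), ("phone removed", PHONE_REMOVED)):
        print(f"{name}: SIM-swap takeover possible = {sim_swap_takeover_possible(policy)}, "
              f"single-point channels = {sorted(single_point_channels(policy))}")
```

The useful check for a defender is `single_point_channels`: it lists every contact method that, on its own, unlocks the account, which is exactly the list to audit (and prune) before a phone number or mailbox is lost to a SIM swap or similar takeover.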
Read more on pcmag.com