Vitalik Buterin sim-swap hack exposes Twitter Blue account security flaw Vitalik Buterin sim-swap hack exposes Twitter Blue account security flaw
Buterin said he did not know that phone numbers were sufficient to password reset a Twitter account.
2 min read
Updated: Sep. 12, 2023 at 4:44 pm UTC
Cover art/illustration via CryptoSlate. Image includes combined content which may include AI-generated content.
Ethereum co-founder Vitalik Buterin confirmed that his X (formerly Twitter) account was breached via a sim-swap attack, according to a Sept. 11 post on Warpcast.
A sim-swap attack is a scheme that exploits a vulnerability in specific two-factor authentication methods, where a phone call or text message serves as the second authentication step. This method enables attackers to access their victims’ text messages, emails, contact lists, bank accounts, social media profiles, and other sensitive and private data.
Buterin explained that he did not know that phone numbers were sufficient to password reset a Twitter account even if not used as two-factor authentication. He added:
“A phone number is sufficient to password reset a Twitter account even if not used as 2FA. Can completely remove phone from Twitter. I had seen the “phone numbers are insecure, don’t authenticate with them” advice before, but did not realize this.”
According to him, he might have added his mobile number to the social media platform when he was registering for Twitter Blue. Twitter Blue is a subscription service that grants users access to premium app features and exclusive benefits like expanded reach, prioritized tweets, and other features on the X application.
Meanwhile, Buterin expressed joy in being on Farcaster, a decentralized social media protocol that allows users to recover their accounts via an Ethereum address. Warpcast is built on this protocol.
Buterin did not provide additional information on whether he would ever return to X.
On Sept. 9, Buterin’s X account was used to promote a phishing link that stole digital assets, including non-fungible tokens (NFTs) from wallets that interacted with it. The incident led to the loss of around $700,000.
Following the hack, Binance CEO Changpeng Zhao urged the crypto community to take caution when reading social media posts and advised the platform to introduce more security features. He added:
“Twitter’s account security is not designed as financial platforms. It needs quite a bit more features: 2FA, login id should be different from handle or email, etc.”
Mentioned in this article
Author 
Oluwapelumi Adejumo
Oluwapelumi values Bitcoin's potential. He imparts insights on a range of topics like DeFi, hacks, mining and culture, underlining transformative power.
Editor Editor 
Liam 'Akiba' Wright
Also known as "Akiba," Liam is a reporter, editor and podcast producer at CryptoSlate. He believes that decentralized technology has the potential to make widespread positive change.
Latest Ethereum Stories
In this article
Ethereum is a decentralized, open-source blockchain platform that enables the creation of smart contracts and decentralized applications (DApps).
X
X (formerly Twitter) is an American social media company based in San Francisco, California, that was founded by Jack Dorsey, Noah Glass, Biz Stone, and Evan Williams in March 2006 and was launched July of the same year.
Vitalik Buterin stands as the pioneering force behind Ethereum, a transformative community-driven platform that fuels the cryptocurrency ether (ETH) and underpins a myriad of decentralized applications.