Cybercriminals have managed to seize control of Ethereum founder Vitalik Buterin’s X account, resulting in the theft of over $691,000. This nefarious act was perpetrated through the dissemination of a malicious phishing link, which granted unauthorized access to individuals’ wallets.
Blockchain analyst ZachXBT disclosed that a sum of $691,000 had been siphoned from these wallets, with a significant portion, approximately 73%, comprising non-fungible tokens (NFTs). Notably, the tweet housing the malicious link has been subsequently removed.
ZachXBT refrained from speculating on whether Buterin fell victim to a “SIM swap” attack. He mentioned that Buterin, who boasts 4.9 million followers on X (formerly Twitter), is a prominent figure and thus could have potentially been targeted by an insider with ulterior motives.
A “SIM swap” attack entails seizing control of an individual’s phone number to bypass two-factor security measures, typically on websites such as cryptocurrency exchanges or social media platforms.
Earlier this year, reports surfaced indicating that cryptocurrency investors collectively lost a staggering $54 million within a single month due to rug pulls, scams, and cyberattacks.
Binance CEO and founder Changpeng Zhao (CZ) weighed in on the situation, offering his perspective. CZ cautioned crypto enthusiasts to exercise “common sense” when engaging with content on social media platforms. He emphasized that the security measures on the X platform are not as advanced as those on fintech platforms.
He went on to highlight the need for additional security features, such as two-factor authentication (2FA) and distinguishing login IDs from handles or emails.
Additionally, CZ revealed that his own X account had been temporarily locked due to repeated attempts by malicious actors trying to “brute-force” access.
As of the latest update, Vitalik Buterin has successfully regained access to his X account, with the removal of the malicious tweet.
In a related incident last month, hackers commandeered the official website of the Terra blockchain, posting an array of malevolent links. The extent of the theft in this case remains unclear.