Key findings
- A hacker compromised Vitalik Buterin’s Twitter account and shared a post promoting a malicious NFT giveaway.
- The post contained a URL that stole funds from users who connected their wallets.
- Over $690,000 was stolen in the hack, including valuable NFTs.
- Buterin blames Twitter’s lacklustre OTP authentication for the hack.
- The hack serves as a reminder of the importance of security, especially for high-profile figures.
A hacker managed to compromise the official X account of Vitalik Buterin, resulting in a loss of over $690,000, reported blockchain investigator ZachXBT.
According to reports, the hacker compromised Buterin’s account and published a post in his name celebrating the arrival of Proto-Danksharding on the Ethereum platform.
The now-infamous post, written as if by Buterin, announced a series of commemorative NFTs (non-fungible tokens) from Consensys. It also contained a malicious URL and went out to Buterin’s 4.9 million followers, some of whom fell for the lure.
The link promised free commemorative NFTs once users connected their wallets. The hacker then stole all their funds. It was a classic giveaway scam in which users were enticed to double their funds but lost all of their assets.
Vitalik’s father, Dmitriy “Dima” Buterin, confirmed the news in a post on September 9, urging his followers to disregard the malicious post. “Disregard this post, apparently Vitalik has been hacked. He is working on restoring access,” he said.
The news has shocked the blockchain and cryptocurrency community because Buterin is known for his mastery of blockchain security, and the compromise of his account, along with the heavy financial losses it caused, is devastating. The co-founder blames X’s (Twitter) lackluster OTP (one-time password) authentication procedure for this incident.
“I didn’t know Twitter had OTP. Always thought 2FA was good enough. Lesson learned,” Buterin stated in response to this incident.
Many users have also commented on the hack. One user, Satosi 767, posted that Buterin probably didn’t properly secure his X account. ZachXBT refuted such comments, stating that Buterin is a high-profile figure and is therefore more susceptible to hacking attempts, and that he probably became a victim of SIM swapping.
“You do not know yet whether it was a SIM swap. Vitalik is a big enough target to where an insider could have been paid off or panel was used,” ZachXBT noted.
The post was soon deleted, but not before it caused substantial losses. Ethereum developer Bok Khoo (Bokky Poobah on X) suffered heavy losses from his CryptoPunk NFT collection. Currently, a CryptoPunk NFT’s floor price is 46.99 Ether ($76,837). Reportedly, the hacker made over $147,000 in one hour, and collective losses amounted to $691,000. However, it is unclear how many users were affected by the hack.