Vitalik Buterin HACKED! What Can We Learn?

There’s been a nasty trend ongoing in recent months of high profile crypto related Twitter accounts getting hacked, with the latest account to fall being none other than the creator of Ethereum, Vitalik Buterin.

This incident was particularly startling because Vitalik is known for his stringent commitment to security, even recommending that crypto users employ highly convoluted processes to store their seed phrases. However, It serves as a stark reminder that, regardless of how diligent we believe we are in our security practices, we are all potential targets.

In this article, we will delve into the details of the hack and explore how you can safeguard yourself from such attacks:

What is a sim Swap attack?


Vitalik revealed on Monday that the hack stemmed from a malicious SIM swap attack, but what exactly is that?

A SIM swap attack involves hackers tricking a mobile carrier into transferring a victim’s phone number to a new SIM card in their possession. This effectively gives the hackers control over the victim’s phone number, allowing them to bypass two-factor authentication security measures and gain access to various accounts linked to that number.

In this case, the hackers used this stolen phone number to reset his Twitter password, thereby gaining access to his account and the 4.9 million followers. This breach made it possible for them to execute a fake NFT giveaway scam, leading followers to click on a malicious link that resulted in their wallets getting drained.

5 Steps to Keep yourself Safe

Remove Phone Numbers from Social Media Accounts: One critical lesson from this incident is the need to remove phone numbers from your social media accounts, even if they are not used for 2FA. In fact, go do this right away. Go now, and return back to reading this article only once you’ve done so! It takes 30 seconds, and you’ll be more secure than the father of Ethereum himself was.

Enable 2FA on All Your Accounts: Two-factor authentication (2FA) adds an extra layer of security to your online accounts. By enabling 2FA, you ensure that even if your password is compromised, an additional verification step is required for access. It is advisable to use authentication apps like Google Authenticator or hardware tokens for 2FA, as they are more secure than SMS-based authentication, which should never be used based on all of the reasons outlined previously.

Keep Your Cold Wallet COLD: If you exercise extreme caution with all interactions and never click unknown links, then in theory you should be ok. However, we’re human and make mistakes; even Vitalik, who we all suspected was a robot until last week.
Simply put, keep your high value digital assets locked away in a hardware wallet, and never use that wallet to interact with anything unless it’s absolutely necessary. For activities such as minting and connecting to sites, ensure you’re using dedicated hot wallets that are entirely separate from your vault wallets. If mistakes are made, the damage will be minimal.

Regularly Review and Update Security Settings: Take the time to review and update the security settings on your social media accounts. Make sure your passwords are strong and unique for each platform, and regularly change them. Additionally, review the connected apps and devices to ensure you’re aware of all access points to your accounts.

Use Protection: For added protection when navigating Web3, consider utilizing security software.


Final Thoughts

By following the lessons learned from this incident, you can take proactive steps to protect your online presence from potential threats. Removing phone numbers, enabling 2FA, and keeping your high value assets far away from wallets you use daily are key elements in safeguarding your social media accounts, personal information, and wealth. 

Stay vigilant!

Opinions expressed here are opinions of the Author. Influencive does not endorse or review brands mentioned; does not and cannot investigate relationships with brands, products, and people mentioned and is up to the Author to disclose. Accounts and articles may be professional fee-based.

Tagged with: