There’s been a nasty trend in recent months of high-profile crypto-related Twitter accounts getting hacked, with the latest account to fall being none other than that of the creator of Ethereum, Vitalik Buterin.
This incident was particularly startling because Vitalik is known for his stringent commitment to security, even recommending that crypto users employ highly convoluted processes to store their seed phrases. However, it serves as a stark reminder that, regardless of how diligent we believe we are in our security practices, we are all potential targets.
In this article, we will delve into the details of the hack and explore how you can safeguard yourself from such attacks:
What is a SIM Swap Attack?
Vitalik revealed on Monday that the hack stemmed from a malicious SIM swap attack, but what exactly is that?
A SIM swap attack involves hackers tricking a mobile carrier into transferring a victim’s phone number to a new SIM card in their possession. This effectively gives the hackers control over the victim’s phone number, allowing them to bypass two-factor authentication security measures and gain access to various accounts linked to that number.
In this case, the hackers used this stolen phone number to reset his Twitter password, thereby gaining access to his account and the 4.9 million followers. This breach made it possible for them to execute a fake NFT giveaway scam, leading followers to click on a malicious link that resulted in their wallets getting drained.
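To check which of your own accounts the takeover described above would reach, here is a small self-audit sketch, added as an example and not part of the original article. The account names, the channel labels ("sms", "email:<account>") and the rule that a login accepts any one enabled second factor are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Account:
    name: str
    recovery: set                  # password-reset channels: "sms" or "email:<account>"
    second_factors: set = field(default_factory=set)  # "sms", "totp", "security_key"

def sim_swap_exposure(accounts):
    """Map each account an attacker holding only the phone number can take
    over to the chain of steps that gets them there."""
    taken = {}
    changed = True
    while changed:                 # repeat until no new account falls
        changed = False
        for acct in accounts:
            if acct.name in taken:
                continue
            # Assumption: login accepts any one enabled second factor, so 2FA
            # only stops the attacker when SMS is not among them.
            if acct.second_factors and "sms" not in acct.second_factors:
                continue
            path = None
            if "sms" in acct.recovery:
                path = ["phone number"]
            else:
                for channel in sorted(acct.recovery):
                    kind, _, upstream = channel.partition(":")
                    if kind == "email" and upstream in taken:
                        path = taken[upstream] + [upstream]
                        break
            if path is not None:
                taken[acct.name] = path
                changed = True
    return taken

# Constructed inventory; names and settings are illustrative only.
SAMPLE = [
    Account("social", {"email:mail"}),                    # phone removed, no 2FA
    Account("mail", {"sms"}),                             # SMS password reset
    Account("exchange", {"sms", "email:mail"}, {"totp"}), # app-based 2FA
    Account("forum", {"email:mail"}, {"totp", "sms"}),    # SMS left on as fallback
]

if __name__ == "__main__":
    for name, path in sim_swap_exposure(SAMPLE).items():
        print(f"{name}: {' -> '.join(path + [name])}")
```

In the constructed inventory, "social" still falls even though its phone number was removed, because the mailbox it uses for password resets can itself be reset by SMS.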
5 Steps to Keep Yourself Safe
Remove Phone Numbers from Social Media Accounts: One critical lesson from this incident is the need to remove phone numbers from your social media accounts, even if they are not used for 2FA. In fact, go do this right away. Go now, and return to reading this article only once you’ve done so! It takes 30 seconds, and you’ll be more secure than the father of Ethereum himself was.
DO THIS RIGHT NOW … Twitter / X account security steps:
1) turn off SMS 2FA (go under Settings -> Security & Account Access -> Security -> Two-Factor Authentication … uncheck "Text Message" and use either "Authenticator App" and/or "Security Key")
2) remove your phone…
— DCinvestor (@iamDCinvestor) September 11, 2023
Enable 2FA on All Your Accounts: Two-factor authentication (2FA) adds an extra layer of security to your online accounts. By enabling 2FA, you ensure that even if your password is compromised, an additional verification step is required for access. It is advisable to use authentication apps like Google Authenticator or hardware tokens for 2FA, as they are more secure than SMS-based authentication, which should never be used, for the reasons outlined above.
Keep Your Cold Wallet COLD: If you exercise extreme caution with all interactions and never click unknown links, then in theory you should be ok. However, we’re human and make mistakes; even Vitalik, who we all suspected was a robot until last week.
Simply put, keep your high value digital assets locked away in a hardware wallet, and never use that wallet to interact with anything unless it’s absolutely necessary. For activities such as minting and connecting to sites, ensure you’re using dedicated hot wallets that are entirely separate from your vault wallets. If mistakes are made, the damage will be minimal.
you must simply not mint from the address you store your important nfts
how many times do we have to discuss this?
come on, people
there are many hard things in crypto, this is not one of them.
— 6529 (@punk6529) September 10, 2023
Regularly Review and Update Security Settings: Take the time to review and update the security settings on your social media accounts. Make sure your passwords are strong and unique for each platform, and regularly change them. Additionally, review the connected apps and devices to ensure you’re aware of all access points to your accounts.
Use Protection: For added protection when navigating Web3, consider utilizing security software.
- A notable choice is Malwarebytes, renowned for its effectiveness in safeguarding against viruses and malware.
- Pocket Universe is a useful extension that translates into simple terms what actions you are taking when executing transactions.
- Further to this, MintDefense is the only browser extension that detects and blocks malicious Web3 sites in real time. MD is being prepared for public release in due course. You can read about Danor Cohen, Co-Founder of MintDefense, in our feature here.
By following the lessons learned from this incident, you can take proactive steps to protect your online presence from potential threats. Removing phone numbers, enabling 2FA, and keeping your high value assets far away from wallets you use daily are key elements in safeguarding your social media accounts, personal information, and wealth.
This is a Contributor Post. Opinions expressed here are opinions of the Contributor. Influencive does not endorse or review brands mentioned; does not and cannot investigate relationships with brands, products, and people mentioned and is up to the Contributor to disclose. Contributors, amongst other accounts and articles may be professional fee-based.