Vitalik Buterin’s X Account Compromised, Nearly $700,000 Drained
Ethereum co-founder’s ETH account was targeted by a hacker, who managed to steal nearly $700,000 from unsuspecting users after sharing malicious links through the hacked account.
The hacker posted a malicious link on the profile, tricking users into connecting their wallets and minting exclusive NFTs.
Ethereum Co-Founder Hacked
Vitalik Buterin is one of the most prominent figures in the crypto space and the last person to be targeted by a hacker. However, this happened when a hacker hijacked Buterin’s X account, stealing $690,000 from unsuspecting users by posting a malicious link to his feed. The hack first came to light on Sunday when a post planted by the hacker showed up on Buterin’s feed. The post announced the launch of a new set of commemorative NFTs from software provider Consensys.
The link, which was visible to Buterin’s 4.9 million followers on X, urged users to click on the link, connect their wallets, and mint the NFTs. However, in reality, this allowed the hacker to steal the funds from connected wallets. Prominent names from crypto Twitter were quick to notice the fake link and rushed to warn users, urging them to disregard the post. The first acknowledgment of the hack came from Buterin’s father, who stated that Buterin’s account was hacked, and he was working to restore access.
“Disregard this post. Apparently, Vitalik has been hacked. He is working on restoring access.”
Ethereum developer Bok Khoo also posted on X, claiming that he had lost several NFTs from his CryptoPunks collection.
Post Deleted But Damage Done
The malicious post has since been deleted, but considerable damage has been done. Several users who fell for the ruse and clicked on the link reported losing access to funds in their wallets. Within an hour, the hacker had made off with around $147,000. However, this figure quickly rose to around $691,000, as reported by blockchain investigator ZachXBT.
So far, Buterin has not publicly commented on the hacking incident, with the most recent post being a retweet of a post made on the 6th of September. However, ZachXBT reported that the hacker subsequently sent Vitalink one of the stolen NFTs. It still isn’t known how many users were impacted by the hack. One user questioned security measures adopted by Buterin to secure his account, adding that he should take responsibility for the incident.
“I hate to be the one to say it, but Vitalik should take accountability for his poor op-sec and compensate those affected. The only way this isn’t negligence on Vitalik’s part is if someone at X internally compromised the account, or if he was coerced in person by a criminal who threatened violence. I highly doubt that’s what happened. Most likely, this was a SIM swap.”
Growing Worry Of Social Media Hacks
This latest incident adds to an ever-increasing list of social media hacks that have resulted in the loss of millions of tokens. In fact, so heavy have been the losses that there is growing talk about how victims of these hacks should be compensated for their losses by developers themselves. The spate of hacks brought even Twitter’s security into question, with Binance CEO Changpeng Zhao stating that the platform’s security is not well designed compared to traditional financial accounts and platforms. Zhao wrote,
“It needs quite a bit more features: 2FA, login ID should be different from handle or email, etc. In the past, I have had my Twitter account locked a few times due to hackers trying to brute-force it (trying different passwords repeatedly). This was before the ‘Elon era.’”
Two-factor authentication is one of the most widely accepted and recommended defenses against hackers. Users are required to set two sets of information that verify their identity before letting them access an account. Twitter does support two-factor authentication, but only for paid users.
2023 has been particularly harsh when it comes to hacks, with Web3 platforms losing upwards of $1 billion in hacks and rug pulls, according to a report by Immunefi. The report highlighted 211 separate incidents, with August alone accounting for a loss of over $23 million.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.