Web3 Daily


Could I Get Another Scam, Please?

TL;DR

  • The Twitter/X account of Vitalik Buterin (founder of Ethereum, aka “ETH daddy”) was hacked over the weekend.

  • Here's what we know: After taking control of Vitalik’s account, the scammers posted a link to a fake NFT collection, leading Vitalik’s followers to click the link, connect their wallets, and then see those wallets entirely drained.

  • The result? More than $690K was stolen in a couple of hours. Poof! Gone in the blink of an eye.

Full Story

No one is safe out there.

Not even Vitalik Buterin (founder of Ethereum aka “ETH daddy”), whose Twitter/X account was hacked over the weekend.

Here's what we know:

After taking control of Vitalik’s account, the scammers posted a link to a fake NFT collection, leading Vitalik’s followers to click the link, connect their wallets, and then see those wallets entirely drained.

The result?

More than $690K was stolen in a couple of hours. Poof! Gone in the blink of an eye.

What’s worse, the first publicly claimed CryptoPunk (essentially the very first NFT ever minted, valued at 150 ETH or ~$234K) has been lost in the hack as well.

So how do those hacks work? Isn’t the blockchain supposed to be un-hackable?

Well, it’s not so much the blockchain that got hacked as it is Twitter/Vitalik.

The general guess as to how it went down?

  1. Hackers SIM-swapped Vitalik’s number (i.e. called his mobile provider pretending to be him, claimed he’d lost his phone and required a new SIM).

  2. Forced a password reset on Vitalik’s Twitter/X account.

  3. Verified the reset via text and started posting.

Some did…and once they’d entered their password and connected their wallets, the hackers were free to drain them.

Moral of the story?

Don’t use your phone number for two-factor authentication.