Vitalik Buterin Suffered SIM Swap Attack

Reading Time: 2 minutes
  • Vitalik Buterin has revealed that a SIM swap attack was behind the compromising of his X account, resulting in victims losing over $650,000
  • The breach occurred when unauthorized individuals gained access to Buterin’s X account and shared a fake link to a limited edition NFT
  • T-Mobile has a history of SIM swap attacks, including incidents in 2019 and a lawsuit filed by Veritaseum CEO Reggie Middleton in 2020

Vitalik Buterin has revealed that a SIM swap attack led to his X account being recently compromised and saw victims lose over $650,000 as a result. The Ethereum founder said in an X post that his T-Mobile account was infiltrated from within the company, allowing an external actor to take over the device, which they used to solicit funds from Vitalik’s unsuspecting followers. This is not the first time that T-Mobile has been caught up in such a scandal, and as past incidents show Buterin got off lightly.

$650,000 Stolen From NFT Scam Post

Buterin’s X account was compromised over the weekend when unauthorized individuals managed to gain access to his X account and used it to share a counterfeit link to a limited edition NFT. The NFT was falsely advertised as a tribute to the forthcoming release of “proto-danksharding” for Ethereum.

Proto-danksharding, an impending update to the cryptocurrency’s digital infrastructure, had been in its final development stages and was slated for release in the coming months. This update aimed to utilize “data blobs,” enabling the Ethereum network to expand its capacity and process up to 100,000 daily transactions.

The post was removed after 20 minutes but not before sufficient damage had been done, and Buterin revealed it was an inside job:

Finally got back my T-mobile account (yes, it was a sim swap, meaning that someone socially-engineered T-mobile itself to take over my phone number).

Buterin added that he didn’t remember when he submitted his phone number but that it must have been when he signed up for Twitter Blue and advised others to remove their phone numbers from their accounts.

Not T-Mobile’s First Rodeo

This is far from T-Mobile’s first dalliance with SIM swap attacks, indeed it’s a wonder anyone in the crypto space uses them at all. A spate of attacks took place in 2019, with 15 people targeted in one week, and a year later Veritaseum CEO Reggie Middleton sued the company over several attacks between 2017 and 2019 that saw him lose $8.7 million in cryptocurrencies.

In these instances, as in Buterin’s, it is suspected that individuals working for T-Mobile were coerced or financially induced to make changes to the victim’s details to allow the hacker access.

The company also suffered a huge data breach in 2021 which saw personal and device data of 100 million customers for sale on the dark web.