The crypto space has long been inundated with hacks, breaches and exploits, and now one of the industry's most prominent personalities, Ethereum co-founder Vitalik Buterin, has become a victim.
According to reports over the weekend, Vitalik’s X (Twitter) account was targeted by a hacker, who managed to steal almost $700,000 from unsuspecting users after sharing malicious links through the hacked account.
How it happened
On Saturday, in a now-deleted post, the hacker who gained access to Vitalik Buterin’s account announced the launch of a new set of commemorative NFTs from software provider Consensys.
The link, which was visible to Vitalik Buterin’s 4.9 million followers on X, urged users to connect their wallets and mint the NFTs. Unbeknownst to the victims, the link was malicious, designed to entice them to connect their wallets before ultimately stealing all their funds.
In an X (Twitter) post on Sunday, Dmitry Buterin, the father of Vitalik Buterin, announced that his son’s account had been compromised:
“Disregard this post, apparently Vitalik has been hacked. He is working on restoring access.”
But unfortunately, the deed had already been done.
According to prominent blockchain investigator ZachXBT, the incident led to victims collectively losing over $691,000 after clicking on the malicious link. Ethereum developer Bok Khoo, also known as Bokky Poobah on X, claims that he has suffered losses in his CryptoPunk NFT collection. At press time, the floor price for a CryptoPunk NFT stands at 46.99 ETH, which is around $76,000.
Later on Sunday, ZachXBT shared that the most valuable NFT stolen so far is CryptoPunk #3983, worth 153.62 ETH (around $250,000).
Although Vitalik Buterin hasn’t commented on the issue yet, speculators insist that his account must have been compromised because he might not have implemented sufficient security measures.
Incessant hacks in the crypto space
This latest incident adds to an ever-increasing list of social media hacks that have resulted in the loss of millions of tokens. According to a report by Immunefi, Web3 platforms have lost over $1 billion in hacks and rug pulls in 2023 so far. The report highlighted 211 separate incidents and concluded that crypto investors lost a total of $54 million in a single month.
Recall that in August, the Terra blockchain’s official website was taken over by hackers who posted a series of malicious links. This series of attacks has brought X (Twitter)’s security into question, with Binance CEO Changpeng Zhao stating that the platform’s security is not well designed compared to traditional financial accounts and platforms.
“It needs quite a bit more features: 2FA, login ID should be different from handle or email, etc. In the past, I have had my Twitter account locked a few times due to hackers trying to brute-force it (trying different passwords repeatedly). This was before the ‘Elon era.’” – Changpeng Zhao, Binance CEO.
Two-factor authentication is one of the most widely accepted and recommended defences against hackers. Users must provide two separate pieces of information that verify their identity before they are granted access to an account. Twitter supports two-factor authentication, but only for paid users.
On the flip side, some X (Twitter) users speculate that Vitalik Buterin’s account was compromised through a SIM swap attack. SIM swapping involves taking control of someone’s phone number in order to overcome some two-factor security measures on websites like crypto exchanges or social media sites.
This is not yet certain, however, as Buterin’s high profile makes him susceptible to various forms of hacking attempts. Either way, it is important to be wary of clicking links, especially random ones on social media.