The call for better security measures on social media platforms has escalated following the high-profile hack of Vitalik Buterin’s X (Twitter) account over the weekend. Crypto industry experts have waded in offering their opinions and advice.
On September 9, Ethereum co-founder Vitalik Buterin was locked out of his X (formerly Twitter) account following the latest high-profile hack.
Buterin Hack Prompts Response
As reported by BeInCrypto, the scammers posted a fraudulent phishing link and NFT giveaway. They netted almost $700,000 in NFTs from duped victims who clicked the dodgy link.
On September 10, Ethereum core developer Tim Beiko warned that phone numbers linked to X (Twitter) accounts can be used to reset passwords. He advised removing your phone number from your account.
“If your Twitter account pre-dates crypto, strongly recommend double-checking, and adding strong 2FA!”
He pinged platform owner Elon Musk to say that this tip,
“Seems like a no-brainer to have this default on, or to default turn it on when an account reaches, say, >10k followers.”
Twitter X Settings Show How to Turn on Password Reset Protection. Source: Tim Beiko / X
Password recovery via SMS appears to be a major problem for platform security. Besides the obvious privacy leak, this is a huge help for hackers, said engineer ‘Captain_Plantain:’
“They can scrape the password reset tool for accounts that have a phone associated and target them for sim swaps!”
Hackers use SIM swapping, also known as simjacking, as a technique to gain control of a victim’s phone number. With control of the number, scammers can use two-factor authentication to access bank accounts, social media accounts, and crypto exchange accounts.
DeFi researcher “Ignas” told his 63,000 followers that he was “double thinking” his security setup:
“The crucial step is to remove SMS 2FA from X.”
Moreover, Binance CEO Changpeng Zhao echoed the call for stronger security over the weekend:
“Twitter’s account security is not designed as financial platforms. It needs quite a bit more features: 2FA, login ID should be different from handle or email, etc.”
He revealed that hackers caused a lock on his own account a few times while trying to brute-force it.
Crypto Scams Show No Signs of Slowing
Late last month, a new phishing attack targeted FTX users on their company-registered email addresses.
The attacks came a week after Kroll, the claims agent in the bankruptcy proceedings, was impacted by a SIM-swapping attack.
In July, Uniswap CEO and founder Hayden Adams had his Twitter account hacked. The scammers posted a fake token revoke link warning Uniswap users about an exploit.
Moreover, one of the largest crypto phishing attacks occurred last week. A whale lost $24 million in stETH and rETH tokens in the massive exploit where token approvals were enabled by the victim.
