Vitalik Buterin’s X (Formerly Twitter) Account Hacked, Leads to $700,000 Phishing Scam
On September 9, hackers targeted Ethereum co-founder Vitalik Buterin’s X (previously known as Twitter) account. They posted a fraudulent ConsenSys link, swindling almost $700,000 from unsuspecting followers.
Deceptive Post Snares Vitalik Buterin’s Followers
The cybercriminals posted a misleading link, accompanied by a message announcing the release of a commemorative NFT by ConsenSys to celebrate the introduction of Ethereum’s Proto-Danksharding. The message enticed users to click on the link for a free NFT, which turned out to be a trap.
The fact that the message seemed authentic and came from Buterin’s verified account led many users astray. Tragically, those who clicked on the link were stripped of their valuable NFTs.
The hackers used a typical modus operandi: the deceitful link allowed them access to the wallets of unsuspecting followers, causing a significant loss of NFT assets.
Notably, Ethereum developer BookyPooBah lost two CryptoPunks, #3983 and #1751, amongst other NFT losses. The list of stolen NFTs also included well-known ones like Milady 4755, Meebit #9965, and Meridian #918.
On-chain analyst ZachXBT estimated the stolen assets’ value at roughly $691,000. At the time of reporting, it is uncertain whether Buterin has re-secured his account, though the deceptive post has been removed.
Rising Concerns Over X (Formerly Twitter) Security
Prominent crypto personalities, including ZachXBT and Binance’s CEO Changpeng Zhao, have expressed increasing concerns about the rise in such cybercrimes. They highlight that malefactors frequently use verified bots and strategically target influential accounts to spread their fraudulent links.
Earlier in July, hackers infiltrated several notable accounts, including those of Uniswap founder Hayden Adams and blockchain network Aptos. In a separate incident, BeInCrypto reported that a cryptocurrency enthusiast lost a staggering $24 million to a similar phishing scheme.
Addressing this alarming trend, Zhao urged the online community to exercise caution. He stated:
“Twitter’s account security is not designed as financial platforms. It needs quite a bit more features: 2FA, login id should be different from handle or email, etc. In the past, I have had my Twitter account locked a few times due to hackers trying to brute-force it (trying different passwords repeatedly)”