Following the hack of Ethereum co-creator Vitalik Buterin’s X (formerly Twitter) account, victims allegedly suffered losses surpassing $691,000 due to a malicious phishing link falsely advertising an exclusive NFT.
Hackers Takeover Buterin’s Twitter Account
In a September 9 X post, Dmitry “Dima” Buterin, the father of Vitalik Buterin, revealed that his son’s account had been compromised:
“Disregard this post, apparently Vitalik has been hacked. He is working on restoring access.”
When Buterin’s account was taken over, it was used to announce the fake launch of a set of commemorative non-fungible tokens (NFTs) from software provider Consensys. The malicious link, which could have been seen by many of his 4.9 million followers on X, enticed victims to link their wallets to mint the NFTs quickly before ultimately making off with funds.
The tweet containing the link has since been taken down, but the damage has already been done, as many victims reported losing access to crypto assets in their wallets. The bad actor stole over $147,000 in the span of an hour, but that swiftly grew to $691,000, as per blockchain analyst @ZachXBT, with 73% of that value constituting NFTs. Notably, Ethereum developer Bok Khoo, aka Bokky Poobah, claimed to have endured some losses in his CryptoPunk NFT collection.
Some claimed that Buterin was the victim of a “SIM Swap” attack after failing to implement adequate security measures for his X account. ZachXBT, however, dismissed such speculations, positing that Buterin is “a big enough target to where an insider could have been paid off or panel was used.”
The blockchain investigator reported that the attacker subsequently sent a stolen NFT to Buterin. The Ethereum founder has yet to comment publicly since the hack was first reported.
The exact number of users affected is still unknown. Nonetheless, Buterin’s account takeover marks the latest in a growing list of hacks carried out on X that have raked in millions. Several renowned crypto project founders and company accounts have been previously targeted, from blue-chip NFT project Azuki to Robinhood.