Massive Phishing Scam Occurs As Vitalik Buterin Sees His X Account Get Hacked

On September 9th, 2023, cyber attackers directed their efforts towards the Twitter account of Vitalik Buterin, one of the co-founders of Ethereum. They employed a deceptive tactic, sharing a fraudulent ConsenSys link, which resulted in the theft of nearly $700,000.

Hackers Successfully Ensnare Unsuspecting Followers

Dmitry Buterin, the father of Vitalik, confirmed the security breach and noted that his son was actively working to regain control of the account. The deceptive post, which lured in many followers, contained a misleading link.

This link was accompanied by a message announcing the release of a commemorative NFT by ConsenSys, celebrating the introduction of the latest Ethereum feature, Proto-Danksharding. Consequently, users were enticed to click on the link in anticipation of receiving a free NFT, only to fall into a trap.

What made matters worse was the apparent authenticity of the message, as it appeared to originate via a verified account. Tragically, those who fell for the ruse and clicked on the link ended up losing their valuable NFTs. In any case, many called the security of the social media platform into question following the incident.

Additional Security Needed

The hackers executed their scheme in a simple yet effective manner, as the deceitful link granted them access to the wallets of unsuspecting followers, resulting in significant NFT asset losses. In particular, Ethereum developer BookyPooBah suffered the loss of two notable CryptoPunks, namely 3983 and 1751, along with other NFTs such as Milady 4755, Meebit 9965, and Meridian 918.

On-chain analyst ZachXBT estimated the total value of the stolen assets at approximately $691,000. More importantly, this incident highlights a growing concern surrounding the surge in phishing scams on the X platform, formerly known as Twitter, which has witnessed a troubling increase throughout the year.

Prominent figures in the cryptocurrency community, including ZachXBT and even Binance CEO Changpeng Zhao, have voiced their mounting concerns about the proliferation of these cybercrimes. They emphasize that wrongdoers frequently deploy verified bots and strategically target influential accounts to disseminate their fraudulent links. During a previous incident in July, hackers infiltrated the accounts of notable individuals, including Uniswap founder Hayden Adams and the blockchain network Aptos. In a separate case, it was reported that one crypto enthusiast suffered a staggering loss of $24 million due to a similar phishing scheme.

In response to this alarming trend, Zhao called on the online community to exercise caution and suggested that additional features must be implemented as soon as possible, such as two-factor authentication (2FA) and separate login IDs besides handles or emails. He pointed out that he had faced multiple instances of his Twitter account being locked due to hackers attempting to brute-force it by repeatedly trying different passwords.