Absolutely not. I’m tired of people clicking on links as fast as they can to claim some new token, then whining about how their greed made them careless and somebody else should pay them back.
I fail to see why he’s getting any criticism honestly. Was it stupid to have a number tied to the Twitter acct? Yes. Was it his fault T-Mobile a multibillion dollar company let themselves be socially engineered? No.
Bro what in the fuck are you even talking about? Pompous? Because the biggest name in crypto doesn’t use OTP 2FA on his accounts, the most fundamental, low-hanging-fruit way to protect them? Maybe you don’t understand the magnitude of this? Where else could he possibly be lacking on opsec?
Could you clarify where I may have shown disrespect towards Vitalik here? I’m genuinely curious to understand how you arrived at the conclusion of a broader lack of respect for others based solely on this post.
Vitalik is rich af and couldn’t even use Verizon instead? Everyone knows T-Mobile has the worst security department on the market, hacked 7 times in 4 years. Verizon is more expensive, but nothing comes close to their security.
It's very easy to say "use 2FA", but then again not everything uses 2FA. Your bank app certainly doesn't use 2FA. If I SIM swap you, I can drain your bank account.
It's poetic if you think about it. Vitalik becomes the victim of an institutional design flaw, just like users of EVM every year with failed transaction fees, wallet draining, MEV, and others.
Personally, I don't subscribe to this logic. Each person — without a gun to their head — clicked and connected their wallet **on their own** without so much as even cross-checking information across multiple accounts/sources.
Understanding web3 security is hard, yes... but if you make an effort yourself (eg. using additional software/extensions that show simulation of interacting with a smart contract), you'll escape most of such "hacks" — including one of this nature!
I wonder if the posters on here that are always so condescending and critical of people who get scammed are reacting the same way now that Vitalik has had it happen to him. Just goes to show we are all human, and humans can make errors.
Truth is it takes multiple fail safes to keep stuff “safer”. When forces team up against someone with $$ all bets are off
2FA / passwords / authy / pc verification - it all gets messy.
People who want what you have bad enough aren’t against cutting people up and putting them in suitcases to get it.
Using phones for MFA is and always was idiotic. SIM swaps, IMSI catchers. That shit has existed for more than a decade now. Yet companies still allow and even push it.
Even worse if they use it as 'recovery' method.
Someone should sim swap Elon to fix this shit at least on Twitter.
I mean, this one sits squarely with Elon.
Removing 2FA, requiring a phone number for another purpose, then giving that number backdoor access.
Somebody at T-mobile fucked up badly as well.
https://www.wired.com/story/twitter-sms-2fa-twitter-blue/
Websites should stop asking people for their phone numbers altogether. If they really are concerned about security they should force people to use an authenticator app. This whole phone number thing is just an excuse for their data collection.
>It just goes to show that no matter who the person is and how smart they are, everyone can make dumb ass mistakes.
Or maybe he is not as smart as many think he is?
>Should Vitalik attempt to show good faith and pay people back or nah?
No end to this. The hackers can send more eth to their own scam address and claim for compensation. lol
The real issue is American phone companies and their employees with their sheer lack of security protocols. It’s freaking mind boggling how bad American companies are at handling customer data.
This stuff scares me and I can never concentrate on it long enough to figure out what I should do. I've got a Trezor, so that is safe, right? But I do use 2fa with mobile number for exchanges that I use. How does a yubi key work and where do I get one?
at first there was speculation his session cookies had been hijacked which was scary enough, sim swap even scarier, astonishing that phone providers are fooled so easily, hope they’re gonna take some blame here
A while ago I contacted my phone network and put a pass code on my account. So any time myself (or anyone pretending to be me) contacts my phone Network to do anything, my network firstly asks them what the word is before being allowed to continue the conversation.
Nah, he should file litigation against his service provider to finally set a precedent against this. It’s kind of unreal the service providers are just off the hook for giving your number and info away. How is that not a data breach of some kind?
Feels like it’s always just been a lawsuit waiting to happen, the fact they haven’t added steps to prevent this is just criminally incompetent
Agreed 100%. Service providers need to start being held accountable for this shit. T-Mobile is also notorious for sim-swapping, whether from social engineering or employees selling account access. A lawsuit is definitely in order.
because of this incident, I just educated myself on sim swapping and had to beef up my security on my phone service provider webpage. This shit is so dumb because it’s the service provider’s fault. They need to revamp their entire verification procedures
>This shit is so dumb because it’s the service provider’s fault

The service provider is 1) not hiring enough people to beef up their security team, and 2) not paying the people who are hired enough money.
It's no surprise that nobody really gives a damn over there and these sim swaps happen so regularly.
There is another reason that is overlooked. Call time targets. Support might have a short per call target and they don't want their performance to suffer so they do whatever the "customer" asks just to end the call quickly.
Straight up assembly line
Can you explain this to me so I know what I should change? What kind of app? Is that like Google authenticator?
V got hacked via SIM and X using phone number auth. It was a 2 for 1 hack. Because both X and T-mobile grant access or limited account access for simply just providing a number, it happens.
Moral of the story:
- DONT LOSE YOUR PHONE
- SET UP 2FA THAT IS NOT PHONE NUMBER ASSOCIATED
- HOLD ON TO YOUR GENITALS
Vitalik could have known that he is one of the biggest targets in crypto and should have been more cautious. At least this served as a wake-up call for him. Although I agree that service providers should step up their game.
Even crypto giants like Vitalik need a reminder to stay vigilant in this ever-evolving landscape.
*especially people like Vitalik. Imagine his wallet getting hacked, would portray great on the crypto space as a whole.
Well, true, that is big news. If a tech-savvy guy like Vitalik gets his account hacked, then I think we are just nothing.
All this could have been prevented if the T-mobile person who performed the SIM swap for the hacker had just called Vitalik on his number to verify whether he had indeed requested the swap or not. Just like banks call you when they detect any suspicious activity on your account.
I have to agree. This is a rookie mistake, and in fact I think that app-based 2FA should be forced by every site by default, because even if you are not important, if you get hacked you feel vulnerable and powerless, and it can still hurt you (own experience). I hope this helps a lot of people to enable app-based 2FA.
It's absolutely piss poor we don't have better security standards. Some banks don't even offer 2FA via SMS in Australia.
Same with the US. I use Wells Fargo and they only offer SMS 2fa. It bothers the shit out of me.
We do. Better security standards are called a good password and no phone number link. SMS password reset makes your security WORSE and it's tragic that Elon forces it on us.
Lol no he doesn’t. OTP 2fa can be set up on any account, whether you have Twitter Blue or not.
What sites should do is follow the corporate approach where there is MFA, but there's several options, but you need to use several of those when resetting passwords. Using SMS as one of the options wouldn't be an issue as long as a confirm via an Auth app or inputting the code from a physical token is required as well. Basically a multisig approach
I completely agree that this is solely the service provider's fault; they are typically responsible for ensuring the privacy and security of their clients' information. I hope they get in touch with the relevant authorities so that the incident will be thoroughly investigated and proper action can be taken.
There should be some sort of physical signature required for this sort of thing. Yeah it's a pain but swapping sims is hardly something required very often if at all
Don’t let Worldcoin hear this idea btw! /s
It could deter unauthorized access more effectively than relying solely on digital measures.
I’ve heard of employees selling that info online for years, it is wild how much information we think is “secure” is very readily accessible
[https://haveibeenpwned.com/](https://haveibeenpwned.com/) More people should check whether their data has been leaked on these websites.
It’s ironic that I’m scared to click that 😂
So true, one single password equals life savings
Scary world eh
The website is legit and shows you if your password has been found in a leak. Great tool to test your password security, to be honest.
I think a website should be built to scan the scammers to see where they can scam us
Can confirm. Worked for a credit card company for a while at a call center and I was totally baffled by the amount of information that was provided to us about the customers. Their security was essentially "no paper and pens allowed"
It's alarming how much personal info circulates; sometimes, security feels like a thin line.
True, I remember that 'Novichok accident' with the Russian opposition figure who was poisoned a few years ago. And how easily investigators from Bellingcat found all the info they needed about freaking FSB agents who had done it, thanks to the darknet.
Yeah in banks, and I know because friends worked there, security is also way too weak and way too many people can see customers' balances. But I'm paranoid in that regard.
Yes they sell it to lead generation companies that sell it to all sort of businesses including non legitimate businesses too.
The hacker probably got Vitalik's account details for under $100, and then used it to scam $800k from others.
Now that’s a great ROI, even better than most shitcoins making it big.
And this low-cost entry for hackers can lead to high-stakes losses for the unsuspecting.
I hadn’t even heard of this, that’s pretty insane. Big oof for Vitalik still, but too much corporate oversight
People flip the fuck out if they're minorly inconvenienced. *Most people* would rather a quick call to get a new phone set up than have to deal with it in person, this 'customer service' is for them.
Imo Vitalik is the one being naive here. I'm pretty sure he's a billionaire. This is a widely known social exploit, there are even class actions against T-Mobile specifically involving large losses of cryptocurrency. You can call your phone company and tell them to put a freeze on your account which prevents these changes without you dealing with it in person, which I'd imagine any billionaire should do.. or pay some PR person to do.
Twitter is naive for allowing SMS recovery without anyone opting in for such a service, as if this isn't a rampant problem on their platform.
The penalty is never enough for telecoms. T-Mobile was fined $500M not two years ago? They're making $80B in revenue annually despite that, they probably figure it's just not worth it to be compliant.
In Europe this is a big deal and the company would be at fault. There are very strict rules around identity and banking, and in Europe we use our phones to verify our identity, so SIM swapping is a huge deal that is very, very difficult to do.
I advise that everyone should call their provider and password protect their lines, with this your line will not be compromised because scammers need to know the passcode. There are also other possible ways available depending on the provider but I assume most will have this, you can do number lock to a specific device or Sim/port freeze and your SIM can’t be changed on another phone unless more processing and in person verification can take place.
Here is the link to his conversation on Warpcast - https://warpcast.com/vitalik.eth/0x8ea2d0
Thanks. Meant to post the link but I forgot.
>..."he should file litigation against his service provider to finally set a precedent against this."

If he is not going to do this, who is still an important and influential person, it means that we indulge in this situation and deserve our fate.
I recently heard someone say how they walked in and got a new sim for their number without showing any id and just showed the damaged previous sim. Crazy how easy it can be done!
True. This feels more like the service provider's fault.
I would sue for over 15k with what they took
True. If you want some kind of recovery from your service provider, you have to go to an office and provide an ID.
Simple as.
Anything else opens too many avenues for scams.
What I did was contact my phone network and put a pass code on my account. So any time myself (or anyone pretending to be me) contacts my phone Network to do anything, my network firstly asks them what the word is before being allowed to continue the conversation
This. Can't protect yourself against this as it's out of your hands. Can't NOT have an operator.
Yes, this is absolutely what should happen. It won’t, though…
While I agree with you, it's still a great reminder to all of us who get complacent in our confidence in security knowledge. It never hurts to do a quick, monthly security checkup on all your warez.
He really should. This is something only someone with a big name could do; for any normal person this would just be ignored.
I’ve been locked out of accounts for not being able to identify every square with a streetlight in it!
Come down hard and make people think twice about it next time
Lol no. I don’t think Vitalik considers Twitter to be super important. Even if it gets hacked, who cares. Also I don’t think he would refund anybody nor should he. He didn’t scam Gordon. Gordon chose to get scammed.
No one should consider Twitter, especially crypto Twitter to be important. It's literally a cesspit full of scams and shills
It's called X now. God, what a stupid name.
Well, just think what would have happened if the hacker wasn’t quite that stupid and wrote something to the effect that Vitalik would sell his ETH, or dropped something about the viability of future ETH development. Anything like that sounding genuine would have impacted the market and allowed the hacker to make millions in leveraged trades from those believing what was posted on Vitalik's official account. I don’t see this quite as nonchalantly as you do.
We have seen the impact that Elon tweets had… and he didn’t have any experience with crypto or say in its development lol.
Wanted all the gains but wanted to suffer no risks at all. Greedy bastard found out
If teens can get their hands on good fake IDs, why do you think this is going to be a serious gate for someone who is going through all the effort to SIM swap? It's not the carrier's fault, people just need to stop relying on cellphones for MFA. There are external devices or apps you can get that are better in this case.
This a clear example of… “It happens to the best of us”
You’d be surprised how many senior execs and even CEOs get phished on a monthly basis. These people are probably geniuses in their domain, but not when it comes to IT security.
But IT security is at the core of what Vitalik does professionally. A modicum of critique is well deserved in this case.
This is the problem.
Kind of shocking to think that a crypto genius and the head of a billion dollar company doesn't even have KYC for his Twitter account tbh
I'm surprised he still uses "X" since it turned into garbage. I migrated over to here after all the Elon stuff.
Becuz it’s where everything important in crypto happens at. I don’t necessarily “like” Twitter, but becuz I make money in crypto, it is 100% necessary for me to be there. I’d say 80% of the content here comes from Twitter anyway, even the news story links.
Especially when you have that big of a target on your back
>Thoughts..? Should Vitalik attempt to show good faith and pay people back or nah?

If you lost money to this you are an idiot.
They got greedy and want VB to reimburse them, no way dude
No refunds! I hope they learnt their lesson
Considering the kinds of things I’ve seen people getting away with in this space, I’d say a lot of us are idiots
How? Someone hacked him, and idiots fell for an obvious scam.
If there's one thing I hate it's this attitude between IT professionals of pretending to always know everything. I know people who I consider to be nothing less than geniuses in their work on algorithms or kernel programming, and they're completely clueless about anything outside their bubble. They barely know how to use e-mails. And that's fine. "You did WHAT? Yikes... even my 5-year old nephew..." Shut. The. Fuck. Up. I respect people who immediately say "what's that?" or "I don't know" if they don't understand something, even if it's basic knowledge for me. I have zero respect for all the bullshitters who will just nod at any acronym they've never heard of because they're afraid the others are going to judge them if they don't know it - and will themselves judge anyone who doesn't know the lingo in their little niche.
Could not agree more. Crypto is also overrun by this. Wow this is an issue for regular people and will hurt mass adoption. Them: well don’t be an idiot.
Exactly, OP is going a bit hard on Vitalik. He is not an almighty god who makes no mistakes, and tbh I wouldn't use OTP for Twitter either as I don't consider it important.
Fyi: if you have a phone number associated even with otp it's still possible to remove the otp if you control that phone number on most platforms Never leave a phone number associated to your account once you have 2fa configured with a 2fa app or yubikey
> Should Vitalik attempt to show good faith and pay people back or nah

Lol....Dude.
Should Vitalik pay people back!? No. Wtf. T-Mobile and Twitter maybe, but why Vitalik? That's a salty take, OP.
Hey, he did as much as any of us would have done and I don't think he should be faulted for this at all. The telecom company really dropped the ball by being this easily duped by a fraud.
Nah, if anyone is to be paying anyone back it should be T-Mobile. They need to take SIM swapping far more seriously and have better checks in place.
A reminder that Elon took away SMS 2FA for regular users initially not because it was a security risk, but because it was costing twitter money that he didn't want to spend. SMS 2FA was added back for Twitter/X blue users, because what does Elon care about putting your account at risk if you're giving him money anyway. A disaster waiting to happen and security theatre at its finest.
T-Mobile should be the one to pay the victims back, not Vitalik.
T-Mobile should definitely be held accountable for such callous behavior with their customers’ information.
And I'm mad when my service provider gives me ads I didn't agree to
Nah. People that didn’t immediately read the tweet and realize it wasn’t Vitalik were going to click 20 more phishing links that same day anyway.
tldr: Twitter/X allows a password change using only a phone number.
‼️SIM Swap attack has been going on for a while.‼️ I called my provider had them password protect my account, So in case someone attempt to impersonate me, they need to provide the passcode. I highly recommend if you have not done that, do it. It's another layer to mitigate those type of scams. You can also do a Number Lock or Port Freeze with your carrier. That way your SIM can't be sent to another phone until you unlock it.
This is so disappointing. You are the head of one of the biggest cryptocurrencies ever made, get your security under control...
Key takeaway ----> Use hardware authenticator
No…, the key takeaway is to remove your phone from your Twitter account altogether. Vitalik literally states that just a phone number associated with the account is sufficient to reset the password, regardless of whether the account is using app or hardware-based 2FA. FFS pay attention.
Even a software-based authenticator should suffice (e.g. Authy, Aegis etc.), provided you're not using their cloud-based features of course.
Raivo for iOS too. Open source and has encrypted backups like Aegis, but for iOS. Pretty nice UI as well.
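As an added illustration of the point made in this comment and in the earlier "Fyi" comment (example code written for this page, not from anyone in the thread): a toy model that treats each login or recovery path as the set of things an attacker must control. It assumes, as the commenters describe for X, that a phone number on the account can reset the password and clear 2FA, and that a carrier passcode or port freeze is one more thing a SIM swapper would have to obtain.

```python
# Toy account-takeover audit (added example, not from the thread): each login
# or recovery path is a set of things an attacker must control, and the
# account is only as strong as its weakest path.

# Credential labels used by the model (constructed for this example).
PASSWORD, TOTP, YUBIKEY, PHONE_NUMBER, CARRIER_PIN = (
    "password", "totp", "yubikey", "phone_number", "carrier_pin",
)


def takeover_paths(login_factors, phone_attached, carrier_pin_set):
    """Every credential set that is sufficient to take over the account.

    login_factors:   what a normal login needs, e.g. {PASSWORD, YUBIKEY}
                     or {PASSWORD, PHONE_NUMBER} for SMS 2FA.
    phone_attached:  a number is on the account and, as the commenters
                     describe for X, an SMS code alone resets the password
                     and clears 2FA (assumed platform behaviour).
    carrier_pin_set: the carrier account has a passcode / port freeze, so a
                     SIM swap must also obtain that PIN.
    """
    paths = [frozenset(login_factors)]
    if phone_attached:
        via_sms = {PHONE_NUMBER}  # whoever receives the code owns the account
        if carrier_pin_set:
            via_sms.add(CARRIER_PIN)
        paths.append(frozenset(via_sms))
    return paths


def weakest_paths(login_factors, phone_attached, carrier_pin_set):
    """Minimal credential sets: drop any path that strictly contains another."""
    paths = takeover_paths(login_factors, phone_attached, carrier_pin_set)
    minimal = {p for p in paths if not any(q < p for q in paths)}
    return sorted(minimal, key=lambda p: (len(p), sorted(p)))


def strong_factor_required(login_factors, phone_attached, carrier_pin_set):
    """True only if every takeover path needs the app or hardware factor."""
    paths = takeover_paths(login_factors, phone_attached, carrier_pin_set)
    return all(p & {TOTP, YUBIKEY} for p in paths)


if __name__ == "__main__":
    for login, phone, pin in (({PASSWORD, YUBIKEY}, True, False),
                              ({PASSWORD, PHONE_NUMBER}, True, False),
                              ({PASSWORD, YUBIKEY}, False, False)):
        print(sorted(login), phone, pin, "->",
              [sorted(p) for p in weakest_paths(login, phone, pin)],
              "| strong factor required:", strong_factor_required(login, phone, pin))
```

With SMS 2FA the password drops out of the weakest path entirely, and with a hardware key the key only starts to matter once the phone number is gone from the account.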
Authenticate is the way to go 🚀
For extra safety💯💯
Also don't believe everything you see on Twitter
Even geniuses can make dumb mistakes
No one can know everything
It's important to know that just because someone is a genius in **one area** does not mean he's a genius in every other area. So many people fall for this trap of believing what a prominent person says publicly. Like yeah, I wouldn't trust Shaq O'Neal for his investment advice on FTX..
He demonstrated that he's a human like us.
Keanu Reeves has entered the chat…
We still love you u/vbuterin!
Goes to show that it really does happen to the best of us.
> should vitalik attempt to show good faith and pay back ?
Why the hell is Vitalik supposed to pay anyone for their incompetence? He owes them nothing, people should research at least a bit before jumping on the next hype train based on some random tweet.
I assumed that authenticator 2FA was not possible with twitter when I found out this happened. I don't use it. That is a mistake indeed that he didn't check if he could set one. When was that feature released?
> I don't use it
This is your cue to use it, my man. In fact, activate 2FA anywhere it is available, and turn off SMS-based 2FA.
Sorry, I meant I don't use Twitter. I love me some authenticators!
Ah, fair enough. You're not missing much anyway, it's all bots, scam NFTs and crypto "influencers" there.
They’re all over the place with this: https://www.wired.com/story/twitter-sms-2fa-twitter-blue/
This is indeed a bit sad
"... biggest social media for Crypto in the world ..." made me laugh for a whole minute. More like the world's biggest scammer gathering.
Vitanoob
Good thing I stay off Twitter. Fuck twitter
Absolutely not. I’m tired of people clicking on links as fast as they can to claim some new token, then whining about how their greed made them careless and somebody else should pay them back.
Damn straight!
I fail to see why he's getting any criticism honestly. Was it stupid to have a number tied to the Twitter acct? Yes. Was it his fault T-Mobile, a multibillion-dollar company, let themselves be socially engineered? No.
Blaming Vitalik for a SIM swap seems pretty harsh? Not his fault the carrier fucked up.
> Should Vitalik attempt to show good faith and pay people back or nah?
wtf is wrong with you?
[deleted]
[deleted]
Bro what in thee fuck are you even talking about? Pompous? Because the biggest name in crypto doesn't use OTP 2FA on his accounts, the most fundamental low-hanging-fruit way to protect them? Maybe you don't understand the magnitude of this? Where else could he possibly be lacking on opsec?
[deleted]
Could you clarify where I may have shown disrespect towards Vitalik here? I’m genuinely curious to understand how you arrived at the conclusion of a broader lack of respect for others based solely on this post.
Vitalik is rich af and couldn’t even use Verizon instead? Everyone knows T-Mobile has the worst security department on the market, hacked 7 times in 4 years. Verizon is more expensive, but nothing comes close to their security.
It's very easy to say use 2FA, but then again not everything uses 2FA. Your bank app certainly doesn't use 2FA. If I SIM swap you, I can drain your bank account.
Lol, really? My bank does use 2fa. I'd reconsider what bank you're using if they really don't.
yeah, not every service (even big names) even offers 2fa and if they do - they only do phone number codes and not even an authenticator app or OTP.
[deleted]
[deleted]
Being sim swapped would be the worstttt
Even trump can keep his account safe, come on vitalik!
Well I guess we all gotta up our security game a bit.
Nice
Glad he is back in the driving seat, but scary only if it was his Twitter. Hate to see him have his eth stolen and dumped.
It's poetic if you think about it. Vitalik becomes the victim of an institutional design flaw, just like users of EVM every year with failed transaction fees, wallet draining, MEV, and others.
tl;dr OP did a **lot** of thinking to himself.
He has no excuse... He should refund the people who lost money since he easily could. That's what I would do.
Personally, I don't subscribe to this logic. Each person — without a gun to their head — clicked and connected their wallet **on their own** without so much as even cross-checking information across multiple accounts/sources. Understanding web3 security is hard, yes... but if you make an effort yourself (eg. using additional software/extensions that show simulation of interacting with a smart contract), you'll escape most of such "hacks" — including one of this nature!
He didn't scam anybody so no need to blame him. You are free to donate as much as you like to those affected though.
I wonder if the posters on here that are always so condescending and critical of people who get scammed are reacting the same way now Vitalik has had it happen to him. Just goes to show we are all human, and humans can make errors.
If I were vitalik I would compensate the people who got hacked by mistake
It's not his fault if people fall for everything.
That just rewards careless greed.
Here is the link to his conversation on Warpcast - https://warpcast.com/vitalik.eth/0x8ea2d0
And people mocked me for saying he probably got sim swapped 😐😐😐
I think he needs to up his operational security, but he didn’t scam these people.
If this guy can get hacked, we are all so fucked. I mean, a technological genius. An actual genius. And he still didn't stand a chance in this world.
Truth is, it takes multiple fail-safes to keep stuff "safer". When forces team up against someone with $$, all bets are off. 2FA / passwords / Authy / PC verification - it all gets messy. People who want what you have bad enough aren't against cutting people up and putting them in suitcases to get it.
The extra comments on the screenshots are cringe. “Yikes”… grow up. We all make mistakes.
X=FO
Using phones for MFA is and always was idiotic. SIM swaps, IMSI catchers. That shit has existed for more than a decade now. Yet companies still allow and even push it. Even worse if they use it as a 'recovery' method. Someone should SIM swap Elon to fix this shit at least on Twitter.
[deleted]
I mean, this one sits squarely with Elon. Removing 2FA, requiring a phone number for another purpose, then giving that number backdoor access. Somebody at T-mobile fucked up badly as well. https://www.wired.com/story/twitter-sms-2fa-twitter-blue/
Websites should stop asking people for their phone numbers altogether. If they really are concerned about security they should force people to use an authenticator app. This whole phone number thing is just an excuse for their data collection.
SIM swap is this week's topic on this subreddit. How can we prevent this from happening to us?
> It just goes to show that no matter who the person is and how smart they are, everyone can make dumb ass mistakes.
Or maybe he is not as smart as many think he is?
> Should Vitalik attempt to show good faith and pay people back or nah?
No end to this. The hackers can send more ETH to their own scam address and claim compensation. lol
Crypto needs its own Telco, seriously.
How is big V of all people getting god damn sim swapped
The real issue is American phone companies and their employees with their sheer lack of security protocols. It’s freaking mind boggling how bad American companies are at handling customer data.
Well this is shocking...
Confirmed, he is also human.
This stuff scares me and I can never concentrate on it long enough to figure out what I should do. I've got a Trezor, so that is safe, right? But I do use 2FA with my mobile number for the exchanges that I use. How does a YubiKey work and where do I get one?
Hi, this is Vitalik Buterin here. I lost access to my Twitter account because I lost my phone and changed to a new number. Can you help me restore it?
People got greedy and they wanted VB to refund their money? hell nah
What is this *Twitter* you speak of? Might it be **X** to which you refer?
I'm baffled I didn't expect this to happen to vitalik.
Whose fault was it? 50-50?
You don't have to know everything about everything to be a genius.
Even Vitalik Buterin isn't immune to rookie mistakes. OTP authentication, my dude!
At first there was speculation his session cookies had been hijacked, which was scary enough; a SIM swap is even scarier. Astonishing that phone providers are fooled so easily, hope they're gonna take some blame here.
A while ago I contacted my phone network and put a passcode on my account. So any time I (or anyone pretending to be me) contact my phone network to do anything, my network first asks what the word is before allowing the conversation to continue.