The X (formerly Twitter) account of co-founder Vitalik Buterin was hacked late on Friday, September 9, 2023. The hacker used the compromised account to disseminate a phishing link, leading to the theft of approximately $691,000 worth of cryptocurrency and non-fungible tokens (NFTs) from victims’ wallets. The incident was confirmed by Dmitriy Buterin, Vitalik’s father, via his own X account.
The hacker posted an announcement on Buterin’s feed about the launch of a set of commemorative NFTs from software provider Consensys. The malicious link, which could have been viewed by many of Buterin’s 4.9 million followers, prompted victims to connect their wallets to mint the NFT. However, it instead enabled the hacker to steal their funds.
Among the stolen assets was a CryptoPunk NFT worth 153 ETH or approximately $250,000, owned by Ethereum developer Bok Khoo. The attacker has since sold most of the stolen NFTs, with much of the proceeds still lying in the hacker’s wallet.
On-chain sleuth ZachXBT reported that within an hour of the phishing post’s appearance, the hacker had made off with more than $147,000. This figure quickly escalated to $691,000. ZachXBT also noted that the hacker sent a stolen NFT to Buterin after the incident.
One user on X suggested that Buterin’s negligence led to the attack and that he should take responsibility for compensating those affected. They argued that if a traditional finance platform founder posted links that resulted in fraud, they would be obligated to compensate victims or risk facing a class-action lawsuit.
Speculation arose that the hack was conducted through a SIM swap attack, where attackers convince a victim’s mobile carrier to transfer the phone number to a new SIM card. However, ZachXBT disputed this assumption.
The incident underscores the increasing frequency of social media hacks within the NFT community, leading to substantial losses for collectors. The security of social media platforms has been called into question, with some suggesting that developers should compensate victims for their losses.
This article was generated with the support of AI and reviewed by an editor. For more information see our T&C.