How can we prevent the Twitter attacks that even Vitalik Buterin fell for?
Article/ Brother Octopus
Produced by/ Gyro Finance
Ethereum founder Vitalik Buterin’s Twitter account has become the target of hackers, who stole $691,000 from his followers through phishing links.
On Saturday, Vitalik Buterin’s account posted a phishing link announcing that ConsenSys would launch a set of commemorative NFTs. This phishing link was displayed to his more than 4.9 million followers, enticing unsuspecting fans to connect their wallets to mint NFTs. In reality, the link only created an opening for hackers to steal their funds.
On Twitter, crypto users quickly issued warnings about the phishing link. The phishing link has been deleted, but it has already caused heavy losses, with many victims reporting that they cannot withdraw funds from their wallets. According to Twitter user @ZachXBT, within one hour the hackers seemed to have stolen over $147,000, and the figure quickly rose to $691,000. The hackers seemed to have sent the stolen NFTs to Vitalik Buterin’s wallet address.
It is currently unclear how many users have been affected, but this latest incident adds to the growing number of phishing attacks on social media, which have resulted in the loss of millions of tokens.
After experiencing so many losses, people have begun to discuss how software development platforms should compensate the victims. The security of Twitter itself has also been questioned. Binance CEO Changpeng Zhao said that compared to traditional financial accounts, Twitter accounts are not well-designed for security.
01. Frequent Crypto Scams on Twitter
Vitalik Buterin is not alone: many crypto Twitter accounts have recently been attacked.
On July 21, Uniswap founder Hayden Adams’ Twitter account was hacked and a tweet containing a phishing link was posted. On July 23, Coinlist’s account was also hacked and a phishing link was posted. In addition, LayerZero’s Twitter account was stolen on July 5; Slingshot, a DEX trading aggregation platform, had its official Twitter account hacked in June; and BitBoy founder Ben Armstrong’s Twitter account was also hacked. Why have so many crypto accounts been hacked?
Crypto scams on social media are becoming more rampant. Data from the Federal Trade Commission in the United States shows that scams related to investments, especially cryptocurrencies, are proven to be the most profitable for scammers on social media. The huge potential returns attract more and more scammers.
Twitter is the mainstream social media platform that has integrated with the crypto industry most rapidly and closely. It is also one of the most valuable social media platforms in the world, with over 330 million active users. In the crypto community, Twitter is the most influential social media platform. A crypto project may not have a Discord or Telegram account, but it will definitely have a Twitter account.
Twitter has been accelerating its integration with the crypto industry over the past two years. In 2021, Twitter started building a dedicated team focused on crypto, blockchain, and decentralized technology. Twitter has gradually embedded many functions related to the crypto industry, including displaying users’ crypto wallet addresses in their profiles, setting NFTs as Twitter avatars, and linking accounts with crypto wallets. In April 2022, senior executives of Twitter began discussions with Musk about the privatization and acquisition of Twitter, accelerating its entry into the crypto field. Eventually, Musk successfully acquired Twitter, further enhancing Twitter’s influence in the crypto community.
Given the deep integration between Twitter and the crypto industry, concepts such as digital assets, blockchain, Web3, and metaverse have spread more widely on Twitter. As public attention has increased, scammers have also targeted this “honey pot”. Cryptocurrencies offer anonymity, a high degree of concealment, and resistance to censorship. Tracing the source and destination of funds, or the identity of the scammers, is difficult, so crypto scams are favored by criminals.
The U.S. Federal Trade Commission refers to social media and cryptocurrencies as a “fraud-prone combination”. Since Twitter is the social media platform most closely integrated with the crypto industry, it is not surprising that crypto scams occur frequently there.
02. How to avoid crypto scams
Since there are so many encryption scams, how can we prevent them?
Do not click on links from unknown sources
Phishing scams attract users to click on links or download fake apps for trading with the promise of high returns. When you see these activities on WeChat or web pages, do not click on links from unknown sources or download unofficial apps.
Confirm the official attributes
Confirming the official attributes includes two aspects: first, confirming the official attributes of the activity itself; second, confirming whether the opened web page is the official website URL.
Do not provide personal information and trade on unknown websites
If a user is redirected to a login page similar to the official website after clicking on a link, do not immediately provide personal information. First, check if the link is the official login link. If the website address is different, immediately stop providing information. If critical information has already been provided, log in to the official website as soon as possible and modify personal information.
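The check described above (is this really the official address?) can be made mechanical. The following is an added example, not part of the original article; the hostnames are constructed placeholders and `OFFICIAL_HOSTS` is an assumed allowlist of addresses the reader has verified through another channel.

```python
from urllib.parse import urlsplit

# Assumed allowlist: hosts the reader has verified out of band (constructed placeholders).
OFFICIAL_HOSTS = {"project.example"}

def classify_link(url, official=OFFICIAL_HOSTS):
    """Return (verdict, detail) by comparing the link's real host with the allowlist."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return ("reject", "unparseable URL")
    if parts.scheme != "https":
        return ("reject", "not https")
    if not host:
        return ("reject", "no host")
    if "@" in parts.netloc:
        # Text before '@' is userinfo; the browser goes to what follows it.
        return ("reject", "userinfo in front of the real host")
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return ("reject", "internationalized host, possible look-alike letters")
    # Exact host or a true subdomain only; never a substring or prefix match.
    if host in official or any(host.endswith("." + h) for h in official):
        return ("official", host)
    for h in official:
        if h.split(".")[0] in host:
            return ("reject", "official name embedded in unrelated host " + host)
    return ("unknown", host)

# Constructed sample links, for illustration only.
SAMPLES = [
    "https://project.example/mint",
    "https://PROJECT.EXAMPLE./mint",
    "https://wallet.project.example/login",
    "https://project.example.claim-nft.test/mint",
    "https://project.example@claim-nft.test/mint",
    "https://project-example.test/",
    "https://xn--prject-constructed.example/",
    "http://project.example/",
    "https://news.test/article",
]

def triage(urls=SAMPLES):
    return {u: classify_link(u)[0] for u in urls}

if __name__ == "__main__":
    for u in SAMPLES:
        print(classify_link(u), u)
```

An "unknown" verdict means the host is simply not on the allowlist; it says nothing about whether the site is safe.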
Upgrade account security measures
Enable two-step verification functions such as SMS verification and email verification, change account passwords regularly, and use different passwords for different accounts to prevent credential-stuffing attacks.
Enhance personal security awareness
Users should also enhance their personal security awareness. In the phishing incident where hackers took over Twitter accounts, the celebrity effect made users lower their guard, but the high returns and free airdrops promised in the tweets were themselves telltale signs of a phishing scam.
03. Conclusion
Yesterday, Vitalik Buterin made a statement regarding the incident of his account being hacked. He stated that the hacker successfully took control of his T-Mobile SIM card through a SIM swap attack, but he has now regained control over the SIM card.
SIM swap is a form of identity theft in which fraudsters deceive a mobile service provider into transferring the target’s phone number to a SIM card held by the fraudster, enabling them to intercept the target’s messages. You can set a very complex password, but fraudsters can easily bypass it through SIM swap. Therefore, when the only two options are password and SMS-based verification, your best choice is to use a unique password. Given that the cost of a SIM swap attack is low, everyone should be aware of this risk.
Vitalik Buterin also questioned the security mechanism of Twitter accounts. He pointed out that only a phone number is sufficient to reset the password of a Twitter account, and hackers can also directly remove security devices from the account after logging in.
Even someone as experienced in crypto as Vitalik Buterin faces the risk of account theft. Ordinary users should take account protection seriously and avoid clicking on unknown links to prevent financial losses. In addition, two-factor authentication is a widely used security defense, and it is recommended to enable it on every account that offers the feature to better protect personal account security.