Big oof.. Around 3 hours ago, Vitalik posted to his Farcaster Warpcast account (verified by ENS), which is essentially a web3 version of Twitter similar to Lens and Nostr, that he finally got his T-Mobile account back after being sim swapped.
Vitalik stated what he learned from this incident was that a phone number alone was sufficient to reset a Twitter password. Well duh?! If you have your phone number tied to your Twitter account, of course that’s going to be an option to reset your password. I was shocked by this statement honestly..
He also went on to say he did not remember adding his number, but figured it was when he signed up for Twitter Blue. Yes, signing up for Twitter Blue requires the use of a phone number, but you can protect your account by using an OTP authenticator app.
The biggest shock of this whole revelation to me was when in the same thread he stated he did not think using an OTP authenticator was possible with Twitter. How?! Dude is one of the biggest names in crypto with a GIANT target on his back. How does he not know something as simple as OTP is possible on the biggest social media platform for crypto on earth?! Or why someone of his notoriety and technical prowess isn’t using a security key like Yubi?
When I saw that he was hacked, I thought to myself there was no possible way he was sim-swapped because he wasn’t using an OTP authenticator app. That’s such a minor-league rookie mistake. I honestly thought we would find out that this was accomplished by an insider at Twitter or someone in Vitalik’s camp. Or at the very least stolen browser session cookies..
It just goes to show that no matter who the person is and how smart they are, everyone can make dumb ass mistakes. It just really sucks that this one cost innocent people $690k..
Thoughts..? Should Vitalik attempt to show good faith and pay people back or nah? This one blew my mind..
submitted by /u/conceiv3d-in-lib3rty