Ethereum co-founder Vitalik Buterin confirmed that his X (formerly Twitter) account was breached via a sim-swap attack, according to a Sept. 11 post on Warpcast.

A sim-swap attack is a scheme that exploits a vulnerability in specific two-factor authentication methods, where a phone call or text message serves as the second authentication step. This method enables attackers to access their victims’ text messages, emails, contact lists, bank accounts, social media profiles, and other sensitive and private data.

Buterin explained that he did not know that phone numbers were sufficient to password reset a Twitter account even if not used as two-factor authentication. He added:

“A phone number is sufficient to password reset a Twitter account even if not used as 2FA. Can completely remove …