Last Updated on September 12, 2023 by Bitfinsider
“Finally got back my T-mobile account (yes, it was a sim swap, meaning that someone socially-engineered T-mobile itself to take over my phone number),” Buterin said on Warpcast, a client for the decentralised social protocol Farcaster, where account recovery may be controlled through an Ethereum address.
Despite warnings about the unsafe nature of phone numbers for authentication in the crypto field, given the ubiquity of SIM swap attacks, Buterin didn’t realise that a phone number was enough for malicious actors to reset his X account, even if it wasn’t used for two-factor authentication.
“A phone number is sufficient to password reset a Twitter account even if it is not used as 2FA,” Buterin pointed out. “I had previously seen the ‘phone numbers are insecure, don’t authenticate with them’ advice but had not realised this.”
Two-factor authentication (2FA) is a security mechanism for accessing online accounts that requires users to present two distinct authentication methods to prove their identity, such as a password and an authenticator app code.