How can we prevent the phishing links that Vitalik Buterin couldn’t escape on Twitter?

Ethereum founder Vitalik Buterin's Twitter account became the target of hackers, who stole $691,000 from users who followed him through phishing links.

On Saturday, Vitalik Buterin’s account posted a phishing link announcing that Consensys would launch a set of commemorative NFTs. This phishing link was shown to his more than 4.9 million followers, inducing unsuspecting fans to link their wallets to mint NFTs, but in fact, this link was just a vacuum created by hackers to steal their funds.

On Twitter, crypto users quickly sounded the alarm about the phishing link, which has now been deleted, but has already caused a lot of losses, with many victims reporting being unable to withdraw funds from their wallets. According to Twitter user @ZachXBT, hackers appeared to have stolen more than $147,000 in an hour, but soon increased to $691,000, and hackers appeared to have sent the stolen NFTs to Vitalik’s wallet address.

It is unclear how many users were affected, but the latest incident adds to a growing number of phishing attacks on social media that have resulted in the loss of millions of tokens.

After experiencing so many losses, people began to discuss how software development platforms should compensate victims for their losses, and Twitter’s own security was also questioned. Binance CEO Zhao Changpeng said that Twitter’s account security was not well designed compared to traditional financial accounts.

Crypto scams are rampant on Twitter

Coincidentally, in addition to Vitalik Buterin, many encrypted Twitter accounts have been attacked in recent times.

On July 21, the Twitter account of Hayden Adams, the founder of Uniswap, was hacked and a tweet containing a phishing link was posted. On July 23, Coinlist's account was also hacked and a phishing link was posted. In addition, LayerZero's Twitter account was stolen on July 5, the official Twitter account of DEX trading aggregation platform Slingshot was stolen in June, and the Twitter account of BitBoy founder Ben Armstrong was stolen , etc. Why are so many crypto accounts being stolen by hackers?

Crypto scams on social media are becoming more and more frequent. Data from the U.S. Federal Trade Commission shows that on social media, investment-related scams, especially cryptocurrency-related scams, have proven to be the most profitable for scammers, and the huge potential returns are attracting more and more scammers.

Twitter is the mainstream social media that has integrated most quickly and closely with the crypto industry. It is also one of the most valuable social media in the world, with more than 330 million active followers. At the same time, in the crypto community, Twitter is the most influential social media. Any crypto project may not have a Discord account or a Telegram account, but it will definitely open a Twitter account.

In the past two years, Twitter has been accelerating its integration with the crypto industry . In 2021, Twitter began to form a crypto team focusing on crypto, blockchain and decentralized technology; Twitter has gradually embedded many functions related to the crypto industry, including displaying the user's crypto wallet address in the personal profile, NFTs can be set as Twitter avatars, and accounts can be bound to crypto wallets; in April 2022, Twitter executives began to work with Musk on the acquisition and privatization of Twitter, accelerating its entry into the crypto field, until Musk successfully acquired Twitter, which further enhanced Twitter's influence in the crypto community.

Given the deep integration of Twitter and the crypto industry, concepts such as digital assets, blockchain, Web3, and the metaverse have been more widely disseminated on Twitter. As public attention is increasing, scammers have also set their sights on this "hot commodity". Cryptocurrency is anonymous, highly concealed, and censorship-resistant. It is difficult to trace the source and destination of funds and the identity of the scammers. Therefore, crypto scams are favored by criminals.

The U.S. Federal Trade Commission calls social media and cryptocurrency a "fraud-prone combination." As the social media most closely integrated with the crypto industry, it is no surprise that Twitter has frequent crypto scams.

How to Avoid Crypto Scams

With so many crypto scams, how can we prevent them?

Do not click on unknown links

Phishing scams use high returns as a gimmick to attract users to click on phishing pages to log in, or download fake apps for transactions. When you see these activities on WeChat or web pages, do not click on unknown links or download apps from unofficial channels.

Confirm official attributes

Confirming the official attributes includes two aspects: the first is to confirm the official attributes of the activity itself; the second is to confirm whether the web page opened is the official website URL.

Do not fill in personal information and conduct transactions on unknown websites

If the user clicks a link and is redirected to a login page similar to the official website, do not fill in personal information immediately. First check whether the link is the official login link. If the website address is different, stop filling in information immediately. If you have already filled in key information, you need to log in to the official website as soon as possible and modify your personal information as soon as possible.

Upgrade account theft prevention measures

Enable SMS verification, email verification and other double verification functions, change account passwords regularly, and try to use different passwords between accounts to prevent database collision attacks.

Enhance personal awareness of prevention

Users should also enhance their personal awareness of prevention. In the phishing incident in which hackers invaded Twitter, although the celebrity effect lowered users' vigilance, the high returns and free airdrops in the tweets also exposed the clues of the phishing scam.

Conclusion

Yesterday, Vitalik Buterin spoke out about the account theft. He said that hackers successfully took over his T-Mobile SIM card through a SIM Swap attack, and he has now regained control of the SIM card.

SIM Swap is a form of identity theft where scammers trick mobile service providers into transferring a target's phone number to a SIM card held by the scammer, allowing them to intercept your messages. You can set a very complex password, but with SIM Swap scammers can easily bypass your password, so when the only two options are a password and SMS-based verification, your best option is to just use a unique password. Given how low the cost of a SIM Swap attack is, everyone should be aware of the risk.

Vitalik also expressed doubts about Twitter's account security mechanism. He pointed out that a mobile phone number alone is enough to reset the password of a Twitter account, and hackers can also directly delete the security devices in the account after logging in.

Even crypto veterans like Vitalik Buterin face the risk of having their accounts stolen, so ordinary users should protect their accounts and avoid clicking on unknown links that could cause financial losses. In addition, two-factor authentication is a widely used security defense method, and it is recommended that you enable it on accounts that have this feature to better protect personal account security.