Vitalik Buterin
@vitalik.eth
Finally got back my T-Mobile account (yes, it was a sim swap, meaning that someone socially-engineered T-Mobile itself to take over my phone number).
27 replies
94 recasts
439 reactions

Vitalik Buterin
@vitalik.eth
Main learning re Twitter was: > A phone number is sufficient to password reset a Twitter account even if not used as 2FA. Can completely remove phone from Twitter. I had seen the "phone numbers are insecure, don't authenticate with them" advice before, but did not realize this
7 replies
12 recasts
77 reactions

Garrett 🎩↑ᖽ
@garrett
Why aren’t you using an authenticator app or security key?
1 reply
0 recast
2 reactions

phil
@phil
Sorry that happened to you. Glad that the damage was mitigated quickly.
0 reply
0 recast
3 reactions

Brian Kim
@brianjckim
have you seen efani.com? i’ve had a good experience
0 reply
0 recast
0 reaction

Gabriel Ayuso ⌁
@gabrielayuso.eth
I might be biased but Google Fi is most likely the most secure carrier to hold your mobile number since it's backed by Google account security.
2 replies
0 recast
5 reactions

typeof.eth 🔵
@typeof.eth
I don’t love Google Fi (mainly cause coverage isn’t as good), but two things that keep me here are free roaming and 2fa. Makes sim swapping much more difficult.
1 reply
0 recast
5 reactions

Syed Shah🏴‍☠️🌊
@syed
The best part of the hack was it took a lot of power away from you in terms of how much people listen to what you say without thinking. There will be a layer of critical thinking that's been strengthened. So a + for the community.
1 reply
0 recast
5 reactions

OG dad
@boscolo.eth
I'm sorry to hear about your experience, @vitalik.eth! I was sim swapped in 2019, so I understand the frustration. The experience motivated me to launch @3num. Our goal is to upgrade traditional SMS and voice protocols to more secure, crypto-native alternatives. 📱🔒
0 reply
2 recasts
3 reactions

adrienne
@adrienne
Do you guys think mobile companies keep a list of high profile, likely targets for sim swaps? I would hope so but this makes me think they most certainly don’t, at least not T-Mobile 😒
2 replies
0 recast
3 reactions

Dan Finlay 🦊
@danfinlay
Had you given T-Mobile any special recovery instructions? I understand they will accept them (like a special password to provide to reset). Am curious if the social engineering bypassed any special notes.
0 reply
0 recast
3 reactions

nixo
@nixo
have seen a lot of these sim swaps but no post mortems on best practices to quickly recover your accounts - would really love to see something like this. i have no idea who you'd even reach out to in this situation
1 reply
0 recast
2 reactions

Trish🫧✈️🎩
@trish
I had my sim “protected” by T-Mobile. They lost my pin but it was so easy for me to get access to my account, I left. I’m so sorry that happened to you.
1 reply
0 recast
1 reaction

Zuphioh 🎩🔵
@zebra
Sim Swaps becoming a very frequent issue in this space, crazy how many people are getting impacted by it lately
1 reply
0 recast
1 reaction

Thomas
@aviationdoctor.eth
Looks like everyone dropped the ball here. X shouldn’t enable phone recovery by default, it’s an obsolete practice. T-Mobile should use PINs to thwart social engineers (we’ve known about SIM swaps for years) + special procedures for public figures who are obvious targets (flag set=call escalation, added verif).
1 reply
0 recast
1 reaction

8INK5 ⚡🎩❤️
@mime-jr.eth
YubiKeys are what you need 👍 Yes they can be used on X
0 reply
0 recast
1 reaction

S·G 🎩 on FarCon
@esdotge.eth
It is frustrating these types of hacks where people unfairly lose their digital assets. Until this is fixed we will not be offering a valid technology for the next internet. People want security, protection and guarantees of their property...
1 reply
0 recast
1 reaction

web3dΞv.eth | sonsOfCrypto.com
@web3d3v
Every time I come across a dapp requiring a phone number I die inside a little. Looking at you, friend.tech, Argent!
1 reply
0 recast
1 reaction

Petr 🟢 dTelecom
@richmal.eth
@vitalik.eth Unfortunately, this is often the problem with all analog operators, which assign a static number that is tied to personal data, and operators do not fight this problem. I use Web3 Phone Service dcalls.org
0 reply
0 recast
1 reaction

Christian
@onchainchris.eth
Welcome back! X needs to urgently implement better account security to protect against this sort of attack. Are phone carriers in the US so easily susceptible to social engineering? In Europe they ask for my full SSN equivalent + billing address to perform a sim swap.
0 reply
0 recast
0 reaction