Vitalik Buterin's X Account Compromised; Hackers Drain Over $800K, Steal Iconic NFT

Crypto genius and Ethereum co-founder Vitalik Buterin is the latest victim of what is believed to be a phishing attack launched by malicious actors that drained over $800,000 from victims and stole an iconic non-fungible token (NFT).

The attack, which on-chain sleuths claimed to be successful to some extent, was launched over the weekend, with Buterin's X (formerly Twitter) account posting a fake Consensys campaign that lured users to participate in an airdrop event hosted by the global blockchain company to avail of the "commemorative" NFTs that were given out in celebration of "Proto-Danksharding" coming to Ethereum.

Users were advised to simply follow the link included in the post. Like other phishing scams, the link, of course, led to a phishing site where malicious actors stole the victims' data and other important information to gain access to their crypto and other assets.

An angel investor who uses the X handle @EvanLuthra claimed that malicious actors allegedly drained victims who fell prey to the scam of over $800,000 along with an iconic NFT, the first publicly minted punk NFT, which was lost due to the attack.

"It wasn't a normal punk; we lost the first publicly-claimed punk, essentially the very first NFT ever minted," the angel investor said, adding, "It was so iconic, that Vitalik Buterin himself had to intervene to transfer it."

An on-chain sleuth who uses the X handle @ZchXBT revealed that the hacker sent Buterin the NFT that they stole.

Binance CEO Changpeng Zhao (CZ), who is a known acquaintance of Buterin, also alerted the community of the incident.

"Vitalik's Twitter account got hacked. Use common sense when reading content on social media, even from large KOLs," CZ posted on X.

He also criticized the account security of the social media platform, which he said is not designed similarly to other financial platforms, and suggested additional measures to increase account security.

"Twitter's account security is not designed as financial platforms. It needs quite a bit more features: 2FA, login ID should be different from handle or email, etc," CZ added.

The Binance CEO also shared that his account was once locked by the social media giant because hackers tried to brute-force it, but clarified that this happened before the tech billionaire acquired the micro-blogging site.

"In the past, I have had my Twitter account locked a few times due to hackers trying to brute-force it (trying different passwords repeatedly). This was before the 'Elon era.'"

It is worth noting that the fraudulent post has been removed, and Buterin's account was almost immediately recovered from malicious actors.