- Buterin’s account contained a link that claimed to celebrate a moment with a “commemorative NFT” that could be collected free for the next 24 hours.
- Crypto has continued to be plagued by hacks in 2023, as scammers have stolen more than $700 million.
Ethereum co-founder Vitalik Buterin’s account on the X, formerly Twitter, social media platform was compromised in a phishing attack, according to blockchain security and data analytics firm PeckShield.
A post that included a phishing link was shared via Buterin’s X account. Users were encouraged to claim a “commemorative NFT” via the link, which said it could be collected free for a limited time — the next 24 hours. Once minted users accounts were hacked, causing them to lose funds and NFTs.
The post has since been deleted, but not before the link drained cryptocurrencies and NFTs worth over $700,000.
Issues with the post were brought to light around midnight London time on Saturday, by PeckShield. The firm warned users not to click on the phishing link in the post, which claimed to celebrate proto-danksharing coming to Ethereum
Pseudonymous blockchain investigator ZachXBT said more than $691,000 was stolen from those who clicked on the link, including the CryptoPunk #3983 NFT, which was worth about $250,000. The wallet address associated with the hack has since been flagged as suspicious on the block explorer and analytics platform Etherscan.
The wallet made its first transaction several hours before the post was made on Buterin’s account. It interacted with a Pink Drainer wallet which has been reported on Etherscan as being involved with a wallet drainer.
“Vitalik’s Twitter account got hacked. Use common sense when reading content on social media, even from large key opinion leaders,” said Binance CEO Changpeng Zhao. “Twitter’s account security is not designed as financial platforms,” he added.
According to the X help center: “Phishing scammers send fraudulent messages to a large number of people, in an attempt to trick them into revealing private information, like a password. An email or website may be disguised to appear legitimate.”
The event comes just a few days after the latest major attack in the crypto space. On Monday, crypto’s biggest online casino, Stake.com, saw $41 million drained from the platform.
Hackers have made away with more than $700 million in 2023 across about 70 hacks.
Updated with additional context after publication, including links to wallet addresses.