The Twitter account of Vitalik Buterin, the co-founder and face of Ethereum, was broken into by hackers on Saturday. They posted a crypto phishing scam in a tweet to Buterin’s nearly 5 million followers containing a link advertising a free NFT drop.
“To celebrate Proto-Danksharding coming to Ethereum, [Consensys] is marking the moment with a commemorative NFT,” the tweet stated. “‘Proto’ honors the work of the devs who made this possible. The collection is free for the next 24 hours. Claim your piece of history.” Putting aside crypto-gobbledygook (Proto-Danksharding is a real thing), the tweet offered followers a free NFT if they clicked the link.
The tweet was only on Twitter for roughly 20 minutes, according to Web 3 Is Going Just Great. It was taken down after Buterin’s father, Dmitry, tweeted that it was a phishing scam and that his son was working to regain control over his account. “Disregard this post, apparently Vitalik has been hacked. He is working on restoring access,” Dmitry tweeted on Saturday.
The damage was done, however: The hackers managed to steal crypto tokens—mainly NFTs—valued at an estimated $691,000 at the time, according to pseudonymous blockchain sleuth ZachXBT. The thieves then got to work selling the NFTs, one of which was a highly valuable Cryptopunk, which was sold for over $200,000. On Monday, the hackers’ crypto wallet showed activity that reflected having received 300 ETH (currently worth $468,000) over the weekend.
The hack comes as Twitter owner Elon Musk searches for a way to make the debt-laden site profitable. One idea the billionaire floated was to make Twitter the center of users’ “financial world.” In April, Twitter partnered with eToro to let users track the prices of stocks and cryptocurrencies and invest.
The cryptocurrency industry is rife with scams of every stripe, and they have often taken place on Twitter. There are a large number of users on the social network, and the nature of the blockchain is such that transactions are nearly instant and irreversible. A click is all it takes to lose everything.
“Twitter’s account security is not designed as [a financial platform],” tweeted Binance CEO Changepeng Zhao, who is himself facing charges from U.S. securities regulators. “It needs quite a bit more features: 2FA, login id should be different from handle or email, etc. In the past, I have had my Twitter account locked a few times due to hackers trying to brute-force it (trying different passwords repeatedly). This was before the ‘Elon era’.”
Twitter did not respond to a request for comment.
This content was originally published here.