Ethereum co-founder Vitalik Buterin has confirmed that the recent hack of his Twitter account stemmed from a SIM swap attack in which T-Mobile was socially engineered into handing over control of his phone number.
Speaking on social platform Farcaster, Buterin said hackers used the SIM swap to trigger a password reset and gain control of his Twitter account. The breach resulted in scammers posting a fake NFT giveaway that prompted users to click a malicious link, draining a collective $691,000.
Buterin said the incident revealed how phone numbers enable password resets even without being used for two-factor authentication. He admitted to underestimating the risks of relying on phone numbers for account security.
The revelations underscore the importance of removing phone numbers from Twitter accounts and having two-factor authentication enabled, as advocated by Ethereum developer Tim Beiko.
SIM swapping has impacted T-Mobile users before, enabling millions in crypto theft. The telecom provider has faced lawsuits over its alleged role in enabling such attacks through security lapses.
Buterin's high-profile Twitter hack brought mainstream attention to the account security threat of SIM swap attacks. With control of a victim's number, scammers can breach most accounts.