Finally got back my T-Mobile account (yes, it was a SIM swap, meaning that someone socially-engineered T-Mobile itself to take over my phone number).
Main learning re twitter was: > A phone number is sufficient to password reset a Twitter account even if not used as 2FA. Can completely remove phone from Twitter. I had seen the "phone numbers are insecure, don't authenticate with them" advice before, but did not realize this
I had my SIM “protected” by T-Mobile. They lost my PIN, but it was so easy for me to get access to my account, I left. I’m so sorry that happened to you.
Sorry that happened to you. Glad that the damage was mitigated quickly.
I don’t love Google Fi (mainly cause coverage isn’t as good), but two things that keep me here are free roaming and 2fa. Makes sim swapping much more difficult.
Welcome back legend! https://giphy.com/gifs/-reaction-welcome-back-YQpAgiAtZzpOtEHyvs
Welcome back! X needs to urgently implement better account security to prevent this sort of attack. Are phone carriers in the US so easily susceptible to social engineering? In Europe they ask for my full SSN equivalent + billing address to perform a SIM swap.
The best part of the hack was it took a lot of power away from you in terms of how much people listen to what you say without thinking. There will be a layer of critical thinking that's been strengthened. So a + for the community.
SIM swaps becoming a very frequent issue in this space, crazy how many people are getting impacted by it lately
Highly suggest switching providers. T-Mobile is run by boomers who have no understanding of the technology & related exploits. I believe the CEO even blocked customers for bringing this to their attention.
Looks like everyone dropped the ball here. X shouldn’t enable phone recovery by default, it’s an obsolete practice. T-Mobile should use PINs to thwart social engineers (we’ve known about SIM swaps for years) + special procedures for public figures who are obvious targets (flag set=call escalation, added verif).
Do you guys think mobile companies keep a list of high profile, likely targets for SIM swaps? I would hope so but this makes me think they most certainly don’t, at least not T-Mobile 😒
Hi Vitalik, are you going to refund the people who got affected by it?
I'm sorry to hear about your experience, @vitalik.eth! I was sim swapped in 2019, so I understand the frustration. The experience motivated me to launch @3num. Our goal is to upgrade traditional SMS and voice protocols to more secure, crypto-native alternatives. 📱🔒
Have seen a lot of these SIM swaps but no post mortems on best practices to quickly recover your accounts - would really love to see something like this. I have no idea who you'd even reach out to in this situation
I might be biased but Google Fi is most likely the most secure carrier to hold your mobile number since it's backed by Google account security.
Had you given T-Mobile any special recovery instructions? I understand they will accept them (like a special password to provide to reset). Am curious if the social engineering bypassed any special notes.
Unfortunately many services still require a phone number. I wonder if at this point using a virtual number (Google Voice, Skype…) is safer. I’ve been using one for the past few years and at least they do a good job by filtering scam calls/sms. Not sure if sim swap would be possible with these
This is why we built valid3.id. When you are posting links or money-related content, you should sign them with your key. No more phishing attacks as the hackers don’t have your private key to generate the signature. It works like this👇 https://sign.valid3.id/#/pnizhjQV
Some mobile operators in Taiwan require you to physically be at a store location with your double IDs (National card and Med card) and a personal stamp to initiate a SIM card change. It’s almost impossible to do a SIM card swap that way, it’s even hard for one to change his or her own SIM card sometimes. 😂
It is frustrating these types of hacks where people unfairly lose their digital assets. Until this is fixed we will not be offering a valid technology for the next internet. People want security, protection and guarantees of their property...
Every time I come across a dapp requiring a phone number I die inside a little. Looking at you, friend.tech, Argent!
I think it’s good that we are moving towards greater anonymity and there are more and more opportunities to buy anonymous mobile numbers
What do you think about L2 ETH wallets like Argent mobile, that use email instead of seed phrase? Email can easily be hacked by SIM swap, I think 🤔
@vitalik.eth Unfortunately, this is often the problem of all analog operators, where it assigns a static number and is tied to personal data and operators do not fight this problem. I use Web3 Phone Service dcalls.org
Given your profile, it's probably wise to switch from T-Mobile to a carrier like Efani https://www.efani.com/
Hey Vitalik. How is it possible? You have a swap for scam $Warpcast on Base network. I thought it was real until I checked it on Debank
It's a horrible experience, try to transfer your number to another, more secure provider, if there's one.
Connecting a completely randomly named email acc and voip number verification, adds another layer of sec, since ur in the public eye, most if not all ur personal details are public, c wat im saying ?