On September 9, 2023, the X account of Ethereum co-founder Vitalik Buterin was hacked by scammers who posted a fraudulent promotion of a free non-fungible token (NFT) collection. The phishing post, which claimed to celebrate ‘Proto-Danksharding coming to Ethereum,’ lured victims into connecting their wallets and signing malicious contracts. Blockchain sleuth ZachXBT tracked the damages and reported that the attackers drained over $691,000 worth of assets, including two high-value CryptoPunk NFTs.
The Phishing Attack
The malicious tweet was live for a short period before being noticed by the community. Dmitry Buterin, Vitalik’s father, quickly issued a warning on X: “Disregard this post, apparently Vitalik has been hacked. He is working on restoring access.” The tweet was subsequently deleted, but not before multiple users had fallen victim. The scam employed a classic wallet-draining technique: victims were asked to visit a link and approve a transaction that gave the attackers control over their NFTs and tokens.
Stolen Assets: CryptoPunks Lead Losses
According to ZachXBT’s on-chain analysis, the total amount stolen reached $691,000. The majority of the value came from two CryptoPunk NFTs belonging to Ethereum developer Bok Khoo (X handle @Bokkypoobah). CryptoPunk #3983 was valued at approximately 153.62 ETH (roughly $250,000 at the time), while CryptoPunk #1751 was worth 58.18 ETH. Bok Khoo confirmed the loss on X, writing: “Lost a few Punks. Don’t interact!”
Connections to Pink Drainer
Chinese crypto journalist Colin Wu (Wu Blockchain) suggested that the hack might be linked to the notorious phishing group known as Pink Drainer. The scam wallet address identified was 0x4e…b3f3. Pink Drainer has previously targeted other high-profile crypto figures, including Uniswap founder Hayden Adams, whose X account was compromised in a similar fashion earlier in 2023. The group typically operates by gaining access to influential social media accounts and posting malicious links under the guise of giveaways or project announcements.
Broader Implications for Social Media Security
The incident highlights the persistent vulnerability of even the most prominent figures in the crypto space. In June 2023, Bitcoin critic and gold advocate Peter Schiff’s Twitter account was also hacked to promote a fake token called $GOLD. The crypto community is now calling for X (formerly Twitter) to implement stricter security measures, including mandatory two-factor authentication for high-profile accounts. As of now, Vitalik Buterin has not made a public statement, but his father confirmed that restoration efforts are underway. Users are strongly advised to double-check any unsolicited links claiming to offer free NFTs or tokens, and never connect their wallets to unverified sites.

