Vitalik Buterin's X Account Hacked in Free NFT Scam, Over $690K Drained from Victims

Vitalik Buterin's X Account Hacked in Free NFT Scam, Over $690K Drained from Victims

N
News Editor 01
2026-07-08 13:30:12
Ethereum co-founder Vitalik Buterin's X account was compromised by hackers who posted a phishing link promising free NFTs. The attack, linked to the Pink Drainer group, resulted in losses exceeding $691,000, including rare CryptoPunk NFTs.
EthereumVitalik ButerinHackPhishing ScamNFT

Ethereum co-founder Vitalik Buterin’s X (formerly Twitter) account was hacked on September 9, 2023, in a sophisticated phishing attack that caused victims to lose more than $691,000 worth of cryptocurrency and NFTs. The attackers posted a tweet from Buterin’s account claiming to “celebrate Proto-Danksharding coming to Ethereum” and offered followers a chance to mint free commemorative non-fungible tokens (NFTs). The post included a link to a fraudulent website designed to drain wallets once users connected them.

Phishing Lure: Fake Proto-Danksharding NFT Mint

The malicious tweet was live for only a short time before being deleted, but it was enough to trick numerous users. Dmitry Buterin, Vitalik’s father, quickly warned the community: “Disregard this post, apparently Vitalik has been hacked. He is working on restoring access.”

One of the most prominent victims was Ethereum developer Bok Khoo (handle @Bokkypoobah), who tweeted: “I lost a few Punks. Don’t interact!” His CryptoPunks—#3983 and #1751—were among the most valuable assets stolen.

Losses Tied to Pink Drainer Group

Blockchain investigator ZachXBT (@zachxbt) tracked the attacker’s wallet 0x4e…b3f3 and confirmed total losses of approximately $691,000. The highest-value assets were CryptoPunk #3983 (valued at 153.62 ETH, ~$250,000) and CryptoPunk #1751 (58.18 ETH, ~$95,000), along with multiple ERC-20 tokens and other NFTs.

Chinese crypto journalist Colin Wu (Wu Blockchain) reported that the hack may be linked to the notorious Pink Drainer hacker group, which has previously used similar social engineering tactics to drain high-profile wallets. The group has been active in targeting prominent figures on crypto Twitter.

Notably, this is not the first time an influential crypto account has been exploited. In June 2023, the X account of Bitcoin critic Peter Schiff was taken over by hackers who promoted a fraudulent token called “$GOLD.” Uniswap founder Hayden Adams also suffered a similar attack earlier in the year.

Industry Reactions and Security Lessons

The incident sparked widespread concern about the vulnerability of social media accounts in the crypto space. Many community members called on X to enforce stronger security measures, such as mandatory hardware-based two-factor authentication for verified accounts.

Blockchain data from Arkham Intelligence showed that the attacker quickly swapped stolen ETH for DAI via decentralized exchanges and moved funds to several wallets. Vitalik’s account has since been restored, but no official statement has been released regarding law enforcement involvement.

Security experts reiterate the golden rule: never connect your wallet to a DApp from an untrusted link, even if it appears to come from a well-known figure. They also recommend using hardware wallets for signing transactions and double-checking official links through community channels.

As of press time, the Pink Drainer-linked wallet still holds a significant portion of the stolen funds. The crypto community remains on high alert for similar attacks, which are likely to continue evolving.

This article was originally published by Bit.Fan. For more cryptocurrency news and market insights, visit www.bit.fan.
400

Disclaimer:

The market information, project data, and third-party content displayed on this platform are for industry information sharing only and do not constitute any form of investment advice or return commitment.

Cryptocurrency trading carries high risks. Users should fully assess their risk tolerance and make independent decisions. All profits, losses, and legal responsibilities are borne by the users themselves.