Uniswap Founder Twitter Account Compromised in SIM-Swap Attack Targeting DeFi Users

On July 21, 2023, the cryptocurrency community witnessed yet another high-profile social media compromise when the Twitter account of Uniswap founder Hayden Adams was breached in a sophisticated SIM-swap attack. The incident sent ripples through the decentralized finance ecosystem and showed that even the most prominent figures in the crypto space remain exposed to this kind of account takeover.

The attacker gained control of Adams’ account (@haydenzadams) and immediately began posting fraudulent tweets designed to lure unsuspecting users into clicking malicious links. One tweet falsely claimed that Uniswap’s Permit2 contract had been affected by an unknown exploit, urging users to check their token eligibility through a phishing website. The scam was carefully crafted to exploit the trust that the community places in Adams’ official communications.

The Exploit Mechanics

The attack vector was a SIM-swap, a technique where criminals convince a mobile carrier to transfer a victim’s phone number to a SIM card they control. Once the attacker controls the phone number, they can bypass SMS-based two-factor authentication and reset passwords for associated accounts. Wu Blockchain, a respected crypto reporter, confirmed that the Hayden Adams breach was carried out through this method.

The phishing infrastructure was not built overnight. According to security researchers, the perpetrators behind this attack had been active since at least April 2023 and had created over 23 distinct phishing websites in the months leading up to the Adams hack. These sites were designed to mimic legitimate DeFi platforms and interfaces, making them difficult for average users to distinguish from the real thing.

The scale of the operation was significant. Before targeting Adams, the same group of scammers had already stolen approximately $3.6 million from around 358 victims through their network of phishing sites. The hack of a high-profile account like Adams’ represented an escalation, giving the attackers access to a massive audience of crypto users who might trust links shared from that account.

Affected Systems

The primary system compromised was Adams’ personal Twitter account, which at the time had hundreds of thousands of followers from the DeFi and broader crypto community. The fake tweets claimed that Uniswap’s Permit2 contract — a legitimate smart contract feature that allows token approvals through signatures rather than on-chain transactions — had been exploited, creating a sense of urgency designed to prevent careful analysis by potential victims.

The phishing website linked in the tweets was freshly registered, a detail that security-conscious users could have used to identify the scam. However, the professional appearance of the fake site and the credibility of the compromised account made it effective enough that the Uniswap Foundation felt compelled to issue an immediate public warning.

The attack occurred in the context of a broader wave of social media compromises in the crypto space. Just one day later, on July 22, the CoinList Twitter account was also hacked, with the attacker posting about a fake token launch. These incidents were part of a pattern that included the KuCoin exchange Twitter hack in April 2023, where users lost funds in a fake giveaway event lasting nearly an hour.

The Mitigation Strategy

The response to the Adams hack was swift. The Uniswap Foundation posted an official warning within minutes, stating: “Do not click this link — or links in similar tweets which might go up.” This rapid response likely prevented additional losses. Adams regained control of his account approximately five hours after the initial compromise.

For individual users, the incident underscored several critical security practices. First, never trust a link shared on social media without independently verifying its legitimacy, even when it comes from a trusted account. Second, SMS-based two-factor authentication is fundamentally vulnerable to SIM-swap attacks and should be replaced with hardware security keys or authenticator apps wherever possible.

At Bitcoin’s price of approximately $29,908 on the date of the attack, the $3.6 million already stolen by this phishing group represented roughly 120 BTC — a substantial sum that could have been significantly larger had the Adams account compromise not been detected and countered quickly.

Lessons Learned

The Hayden Adams Twitter hack highlights a fundamental tension in the crypto ecosystem: the reliance on centralized social media platforms for critical communications. While DeFi protocols are built on decentralized infrastructure, their primary communication channels remain centralized services like Twitter, which creates a single point of failure for trust.

The incident also demonstrates that phishing attacks in the crypto space are becoming increasingly sophisticated. The attackers invested months in building their infrastructure, creating dozens of professional-looking websites, and carefully timing their high-profile account compromises for maximum impact. This level of operational sophistication suggests organized criminal groups rather than opportunistic individuals.

For platforms and protocols, the lesson is clear: official communication channels should use multiple verification methods, and communities should be educated to recognize the signs of compromised accounts, including unusual posting patterns, newly registered domains in links, and claims of urgency that bypass normal security procedures.
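The signs named above (a link to a newly registered domain, claims of urgency) can be checked mechanically before a link is trusted. The following Python code is an added example, not code from this article or from Uniswap; the allowlist, the 30-day threshold, the keyword list and the RDAP-style registration records are constructed assumptions.

```python
import json
from datetime import datetime, timezone
from urllib.parse import urlsplit

OFFICIAL_DOMAINS = {"uniswap.org"}  # assumption: allowlist kept by the defender
URGENCY_TERMS = ("exploit", "eligib", "immediately", "claim", "urgent")
MAX_AGE_DAYS = 30                   # assumed cut-off for "freshly registered"
NOW = datetime(2023, 7, 21, 12, 0, tzinfo=timezone.utc)  # constructed clock

# Constructed RDAP-style records (RFC 9083 "events" member), keyed by domain.
# A live check would fetch these from an RDAP server; embedded to run offline.
SAMPLE_RDAP = {
    "permit2-check.example": json.dumps({"events": [
        {"eventAction": "registration", "eventDate": "2023-07-19T08:12:00Z"}]}),
    "old-blog.example": json.dumps({"events": [
        {"eventAction": "registration", "eventDate": "2015-03-02T00:00:00Z"}]}),
}

def is_official(host):
    # Exact match or true subdomain; "uniswap.org.evil.example" must not pass.
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def domain_age_days(host, now):
    # Naive registrable domain (last two labels); production code should
    # use the Public Suffix List instead.
    record = SAMPLE_RDAP.get(".".join(host.split(".")[-2:]))
    if record is None:
        return None
    for event in json.loads(record).get("events", []):
        if event.get("eventAction") == "registration":
            stamp = event["eventDate"].replace("Z", "+00:00")
            return (now - datetime.fromisoformat(stamp)).days
    return None

def triage(post_text, url, now=NOW):
    """Return the list of warning signs found for one link in one post."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    reasons = []
    if not is_official(host):
        reasons.append("unofficial-domain")
        age = domain_age_days(host, now)
        if age is None:
            reasons.append("unknown-registration-date")
        elif age < MAX_AGE_DAYS:
            reasons.append("newly-registered")
    if any(term in post_text.lower() for term in URGENCY_TERMS):
        reasons.append("urgency-language")
    return reasons
```

A link on an official domain with neutral wording returns an empty list; anything else returns the reasons a reader or moderation tool should pause on.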

User Action Required

If you interacted with any links posted from Hayden Adams’ Twitter account on July 21, 2023, immediately check your wallet for unauthorized transactions. Revoke any token approvals you may have granted to suspicious contracts. Consider moving remaining assets to a fresh wallet address. Enable hardware-based two-factor authentication on all social media accounts. Use a hardware wallet for storing significant crypto holdings, and never connect your primary wallet to unverified platforms.

Disclaimer: This article is for informational purposes only and does not constitute financial or security advice. Always conduct your own research and consult with qualified professionals before making security decisions regarding your digital assets.

8 thoughts on “Uniswap Founder Twitter Account Compromised in SIM-Swap Attack Targeting DeFi Users”

  1. sim_swap_survivor

    the Hayden Adams SIM-swap was wild. 23 phishing domains registered over months. these weren't random, they planned it like a military op

  2. $3.6M stolen from 358 victims before they even got to Adams account. the phishing infrastructure was already profitable before the main attack

    1. phish_counter

      358 victims before the main attack tells you the phishing kit was already deployed and profitable. the Adams account was just the jackpot

      1. 358 wallets drained before the main event means this was an active operation for weeks. the adams account was just the distribution channel for a bigger blast

  3. if the founder of uniswap can't protect his twitter from a SIM swap what chance do regular people have. carriers need to fix this

    1. carriers won't fix it because they have no incentive. port-out protection exists but you have to explicitly enable it and most people don't know

      1. most carriers bury port-out protection in settings. T-Mobile is the only one that turned it on by default after the SIM swap wave

    2. the answer is carriers have zero liability when your number gets swapped. until there are actual legal consequences nothing changes
