SIM Swapping Attacks Against US Cryptocurrency Users on the Rise

• SIM swappers in the United States have been targeting many cryptocurrency users during the past couple of weeks.
• Individuals complain about the lack of security of their mobile service provider, especially T-Mobile.
• Many have lost thousands of dollars, some wrote an article about it, while others prefer to keep it a secret.

Over the last week, there have been numerous reports about SIM swapping attacks in the cryptocurrency community. As it seems, this new wave is not a random spike in the SIM swapping activity, but a coordinated effort to take over many valuable accounts with crypto assets. The main point of the attackers in these cases is to transfer the victim’s number to another SIM card, by convincing the mobile service operator that it is them who are asking the number port. This enables the attacker to override the two-factor-authentication protection step, so they can take over the target account.

Obviously, this presupposes that the attacker already has the login credentials of the victim as well as some identification details that will convince the mobile carrier agent. These details are not easy to get from cryptocurrency users, but it’s far from impossible. SIM swapping is considered to be a serious offense, and the FBI has arrested several people this year alone, who faced harsh, long-term imprisonment penalties. This crackdown from the authorities has caused a momentary decline in the number of SIM swapping attacks, but there are still many who like to take their chances.

Sim Swapped. Phone number ported. Thanks @TMobile

That’s at least 15 of us in the crypto community in the last week.

— Andrew Kang (@Rewkang) June 1, 2019

The recent attack wave occurred in the US alone, so there are certain mobile service providers who need to look back into their detailed logs and see who took the action to port the numbers. Usually, it’s a mobile store employee, a former employee, a close associate who tricks another employee, etc. As nothing goes undocumented, there’s no way for SIM swappers to hide their activity, and while the money of the victims may be gone forever, the actors are bound to get caught soon.

One of the people who lost $100k a couple of days ago wrote a post on Medium, titled “The most expensive lesson of my life”. As the victim details, the first sign of the port was the loss of the cellular signal on his phone. The torrent of adverse events that followed only sealed the deal for the attacker and the lack of immediate response by the victim made it possible. The advice that the victim gives to those who want to stay safe from SIM swappers are the following:

• Use a hardware wallet/cold wallet for your crypto assets.
• Use a verification USB key or a two-step-verification device like an Android smartphone.
• Don’t share too many identification details online.
• Create a second, secret email address and use that one for 2FA.
• Use an offline password manager.

Have something to say on the above? Let us know of your opinion in the comments down below, and also on our socials, on Facebook and Twitter.