AI Summary
Show More
Quickly grasp the article's content and gauge market sentiment in just 30 seconds!
Being able to store funds digitally is convenient, but it can also make your money vulnerable to scammers and hackers. Unfortunately, hackers are constantly developing new methods for stealing crypto. A new type of attack called a SIM swap has even managed to fool crypto experts like Vitalik Buterin. What are SIM swap attacks, and how can you protect your crypto from this fraud method? Keep reading to learn more about how SIM swaps work.
Key Takeaways:
A SIM swap crypto attack is a hack in which a scammer copies a phone’s SIM card information, allowing the hacker to bypass two-factor authentication and gain access to crypto accounts.
Once a hacker has accessed an account via a SIM swap crypto attack, they can easily steal crypto or other assets.
Some notable recent SIM swap crypto incidents include the Vitalik Buterin X/Twitter SIM swap attack, as well as the friend.tech SIM swap controversy.
A SIM swap crypto attack is a hack in which a scammer copies a phone's SIM card information. This allows the hacker to bypass two-factor authentication and gain access to crypto accounts. Once the hacker has accessed an account, they can easily steal crypto or other assets.
A SIM swap attack is a type of hack that essentially clones your cell phone number. The first step of this attack involves the hacker switching the Subscriber Identity Module (SIM) card from your phone to theirs. They can do this by stealing your phone and manually removing the card, or they can pretend to be you and use social engineering tactics to trick your mobile carrier into remotely transferring the SIM.
Once the hacker has your SIM card information in their phone, it will essentially function like your phone. All calls and texts will go to their phone, and if they call anyone from their phone, your number will show up on the receiving party’s caller ID. Having their victim's phone number makes it very easy for SIM swap attackers to get around routine security mechanisms like two-factor authentication. They can use their victim's phone number to receive one-time password texts, and log in to the victim's online accounts.
Some sites with shoddy security measures will also allow users to automatically reset an account over a verified phone number. The hacker can potentially call a site's customer service center and get a password reset for the victim's account — without even having to provide any other verifying information.
As the result of a SIM swap attack, a hacker can easily get into a variety of online crypto wallets. They can then transfer the tokens straight to their own account and steal all your money. If your crypto wallet uses stored credit cards or bank accounts to purchase crypto, the hacker can also use that information to steal more money from you or buy more crypto for themselves. The concept of a SIM swap is especially risky for those who use a lot of web3 products with internet connectivity. While cold wallets might remain somewhat secure, any service that allows you to link your phone number to your account could be vulnerable to a SIM swap.
SIM swapping poses some major dangers for crypto traders. In the wake of countless data breaches and phishing attacks, two-factor authentication via phone has become the gold standard for security. Many people assume that setting up two-factor authentication (2FA) makes their accounts completely secure. Unfortunately, the reality is that two-factor authentication is very easy to get around. With a SIM swapping attack, any trader or investor's personal accounts could be hacked.
Being able to recognize a SIM swap crypto attack can help you take steps to address the problem before it gets worse. The most important sign of a SIM swap to be aware of is that your phone will be unable to make calls and send messages. Since the hacker's phone will be using your SIM card, the card in your phone will no longer function. You'll still be able to connect to WiFi, but you won't be able to use data for things like texts and calls.
Many hackers are aware of this trick for spotting a SIM swap, so they'll try to trick you into turning off your phone before they begin. Many people who deal with a SIM swap crypto attack report that their phone was bombarded with constant calls and messages right before the swap. You might also get some suspicious texts or emails before a SIM swap because a hacker is trying to use phishing to collect your data and make it easier to access your account. Typically, mobile service providers notify clients of SIM swaps, so make sure to regularly check your email to see if they've notified you of an upcoming SIM card activation.
A SIM swap crypto attack can have disastrous consequences. Here are a few examples of high-profile SIM swapping attacks that have recently been in the news.
In one shocking case, hackers combined a SIM swap attack with a phishing attack to stealover $691,000. The hack started with a SIM swap that targeted Ethereum founder Vitalik Buterin's X/Twitter account. Since his phone was linked to his account, the hackers could access it without even using a password. The hackers then used Buterin's account to tweet a phishing link, and when other social media accounts clicked on it, their crypto and NFTs were stolen.
friend.tech social media accounts were the target of another substantial SIM swap fraud. In this attack, a hacker stole about $385,000 worth of Ether tokens in under 24 hours by using SIM swaps. Many of friend.tech's high-profile users raised awareness about the dangers of SIM swapping by posting about the issue online.
A British hacker known as PlugwalkJoe was able to steal almost $800,000 worth of cryptocurrency through SIM swapping. The hacker targeted high-level executives at a crypto corporation, and once he was able to use the SIM swap to access the company's online accounts he transferred7 BTC, 407 ETH and many other coins to his own private wallet.
Are SIM swap crypto attacks completely unavoidable? With the way phone and crypto companies are set up, they can be quite hard to prevent. Many sites' current security measures mean that any SIM swapper has free reign to control your account. Furthermore, mobile carrier companies aren't doing much to prevent SIM swaps. There currently aren’t any regulations requiring mobile service providers to authenticate customers before agreeing to move a subscriber identity module (SIM) to another phone.
Therefore, the prevention of SIM swap attacks relies almost entirely on individual users. You cannot assume that every site is doing its best to protect your crypto account. Instead, you need to take the time to set up preventative measures on your own. By doing some research into security policies and practicing some safety guidelines, you can reduce your risk of encountering SIM swap fraud.
Even if most sites and mobile carriers aren't taking steps to prevent SIM swaps, there are several things you can do to safeguard your security. Follow these tips to prevent SIM swap attacks.
Never share your phone number with people: In order to perform a SIM swap, a hacker needs to know which phone number they need to copy. Therefore, it's important to avoid posting your number online or sharing it with random people.
Don't use your real name online: Past SIM swaps have shown it's much easier for a hacker to get a victim's phone number if they have the person's legal name. By using a pseudonym online, it's harder for a hacker to get the information they need to perform a SIM swap.
Unlink your phone from certain accounts: Some companies such as like X/Twitter will allow anyone with the right phone number to access an account. Before storing any crypto or financial information with a company, check their password reset policy to see whether you need to unlink your phone from the account.
Store your crypto in a cold wallet: One of the most foolproof ways to prevent SIM swap attacks is to select a wallet without an internet connection. Many cold wallets don't have the password recovery options necessary for a SIM swapper to gain access to your account.
Follow basic internet safety guidelines: To succeed, many SIM swap card attacks also need other personal information like your password or birthday. You can protect this information by following all basic crypto safety guidelines.
Use a two-factor authentication method besides your phone: Not all two-factor authentication services use phone numbers as their method of verifying your identity. Consider getting an app that provides secure verification without texting or calling you to give you a code.
If SIM swappers access accounts, it's important to act fast. Start by contacting your mobile carrier and alerting them to the issue. Ask them to either disable your number temporarily or return the number to your SIM. Make sure to file a complaint and keep a record of their inability to secure your SIM just in case you need to escalate the issue later on.
Next, turn to your crypto accounts. It can take a little while for your mobile carrier to restore your SIM, so make sure you remove your phone number from all crypto and bank accounts and disable two-factor verification via phone. Enhance your security further by changing your password and contacting the site's customer service team to ask if you can freeze your account or add other security messages.
Once you've stopped the SIM swap attack, it's time to take steps to recover your funds. File reports with local law enforcement to get help finding the hackers, and contact customer service for your bank accounts and any crypto sites you use. Some sites may be able to reverse transactions or restore money to the personal accounts of fraud victims. If you cannot get your money back from the site or recover it from the hackers, you may want to consider seeking legal counsel and filing a lawsuit to get compensation for your lost money.
SIM swapping is a troubling new way for hackers to access accounts. It takes advantage of password recovery or login processes that rely on phone numbers, so it can circumvent a lot of safety measures. The only way to protect yourself is to keep your personal information secure and carefully monitor your accounts for any suspicious activity.
#Bybit #TheCryptoArk