Crypto SIM Swaps: How to Avoid Them

Crypto SIM Swaps: How to Avoid Them. SIM swaps in crypto present a growing concern in the digital currency landscape. This sophisticated fraud involves attackers convincing mobile carriers to transfer a victim’s phone number to a new SIM card under their control. With access to the victim’s phone number, hackers can bypass two-factor Authentication and gain unauthorized access to cryptocurrency accounts, leading to significant financial losses. Understanding the risks associated with SIM swaps is crucial for safeguarding digital assets and maintaining the security of crypto holdings.

What Are Sim Swap Hacks and How Do They Affect Cryptocurrency Investors?

Other names for SIM swap hacks are port-out, SIM splitting, and SIM hijacking. An unscrupulous actor can pull off one of these hacks by redirecting the victim’s SIM card connections to an unauthorized SIM card they control. This allows the hacker to intercept and decrypt any communications intended for the victim, including two-factor authentication (2FA) SMS alerts. Regardless of two-factor Authentication (2FA), resetting a password on some platforms is as easy as entering the phone number.

Despite the seeming simplicity of the break in electronic communication, the hackers exploit this access in multiple ways that severely harm their victims and those linked to them.

Stealing Cryptocurrencies and Other Assets

In the cryptocurrency industry, if a hacker manages to get their hands on an investor’s SIM card, they can access their user accounts on centralized exchanges and other bank institutions using two-factor authentication (2FA) SMS verification or another phone number-based account recovery technique. A hacker who obtains access to these accounts can then drain their victims’ bank accounts of any money accessible to them.

Hijacking Social Media Profiles

Using the same technique, SIM swap hackers can access not only the user’s financial accounts but also their social media accounts, allowing them to start detrimental conversations with their connections. This also endangers the people who follow famous or important people. Sometimes, hackers use these profiles to trick their followers into clicking on malicious links. Users are often tricked into connecting their wallets and signing transactions when they click on these ads, which advertise giveaways. Hackers can access victims’ wallets and steal their money in this way.

How Do SIM Swap Attacks Work?

SIM switching uses social engineering like other hacking methods. Hackers find social engineering easier than brute-force attacks, which require trying an endless number of character combinations to guess a password. Hackers can easily perform a SIM switch attack by tricking the victim’s telecom operator into thinking they own the SIM card and want to transfer all communication to their own SIM card. The service provider only needs the hacker’s personal information to switch SIMs. The service provider will port the number if the hacker has the victim’s personal information. The client’s maiden name, career history, date of birth, and family details are often sought before the switch.

Hackers can collect this information from social media, stolen files, and data extraction methods like phishing emails or apps that install malware on the victim’s device and scan the clipboard. SIM swapping in cryptocurrency occurs on decentralized apps that allow users to provide personal information, such as friend.tech, a Base network social finance (SoFi) platform.

Hackers can access vulnerable accounts after the SIM switch works. Here, SIM-card-based security measures may put user profiles in danger. Examples include accounts that use SIM-based two-factor Authentication or send password-change links to the SIM card. Since many emails are protected by SIM card-based protection, hackers may access and spread their reach.

Examples of SIM Swap attacks

Here are some known instances of SIM swap hacks that have recently impacted the crypto space.

Vitalik Buterin’s Twitter Account Hack

Even non-NFT enthusiasts can get a free NFT from Ethereum founder Vitalik Buterin. SIM Swap hackers used this method to breach the Ethereum founder’s Twitter account on September 9, 2023.

The link to a bogus website led investors to assume they could acquire a commemorative NFT made with Consensys, the MetaMask wallet developer. Linking wallets to the platform is required to receive the NFT. NFTs and other fungible tokens were taken from associated wallets. Despite prompt investor notifications, losses remained. Over 70% of the stolen assets, totaling $690,000, are NFTs, according to crypto investigator ZachXBT. Vitalik Buterin claims a SIM swap attempt on his T-Mobile account caused the hack. The obscene message was removed shortly after.

Friend.tech

In early October 2023, SIM swap attacks hit friend.tech, a decentralized social media network. Linking Twitter accounts to Base Layer 2 platforms creates user accounts. Early SIM switch attacks tied to Friend.tech occurred in late September 2023. Witnesses reported losing 20 ETH. Even in October, more cases appeared. ZachXBT’s tracking and reports show the SIM swap hacker took almost $385,000 in cryptocurrencies. After the incident, friend.Tech requires users to create a 2FA password when registering an account to prevent further intrusions.

Michael Terpin

Ellis Pinksy SIM switched Michael Terpin and stole $23 million in cryptocurrency at 15. After the attack in 2018, the prominent entrepreneur sued everyone involved, including Michael Terpin’s network provider, AT&T. Crypto SIM Swaps: Terpin sued the network provider for $220 million, $20 million for direct losses, and $200 million for extra damages. Even though the service provider won and didn’t pay fines, Terpin kept suing others, including Elvis Pinksy, who turned 18 in 2020.

The breach history shows that the juvenile was a front for a wider social engineering hacking ring that preyed on vulnerable individuals and telecom workers to steal sensitive data. The article claims Pinksy created Python software to search social media for telecom workers’ contact information. Pinksy and his group would then bribe the worker for target information. SIM switch hacks by telecom staff are prevalent; Terpin’s case is one.

How to Avoid SIM Swap Hacks

There has been a corresponding increase in cyber attack tactics employed by malicious actors whose sole purpose is to identify vulnerabilities in systems and take advantage of them. This article compiles lessons learned from actual SIM swap hacks and offers advice on how to protect yourself:

Use Authenticator Applications and Avoid SIM Card-Based Authentication

Most online sites offer Authentication for increased security. User requests like logins and withdrawals are authenticated using codes. Users can acquire unique codes by email, mobile phone, or authentication tools like Authy or Google’s 2-Factor Authentication. Most systems let users choose their authentication method.

Because SIM swap hacks are widespread, using a cellphone number to get authentication codes puts data at risk if the SIM card is taken. Similar things may happen to emails. Using an authentication app instead of your SIM card links your account security to your device, which raises security concerns. You’re less likely to lose money owing to SIM swap hacks.

Use MFA (Multi-Factor Authentication) Where Supported

Your profile can be secured with Multi-Factor Authentication (MFA), which requires more than a password. Multiple verifications for key activities are suggested wherever possible, even if incompatible with all systems. This makes logging in difficult, but it protects your account from hackers who bypass the initial security. Consider biometric Authentication in addition to your password. However, Your authentication approach should include passwords, application-based Authentication, and inheritance authentication methods like fingerprint scans. Avoid SIM card-based authentication, as advised.

Avoid Using Your Phone Number as a Sign-in and Recovery Method

Users can create accounts on numerous platforms by supplying their phone numbers and Wiandord. Although platforms now offer email addresses instead of mobile numbers for this function, the former is still available. It is recommended to choose the email option in such a situation. Giving your phone number makes your account vulnerable to SIM swap hackers because it links your account to your phone number. For the same rationale, you shouldn’t use your cell phone number as your account recovery option.

Don’t Doxx Yourself

Doxxing is the unlawful disclosure of personal information. One can also doxx themselves. Claim an anonymous profile to do this. Doxxers verify account ownership and offer essential details. Since SIM swaps are done through social engineering, having easily accessible personally identifying information raises the chance of being hacked.

Doxxing yourself and proving ownership of a cryptocurrency address, smart contract, or project makes you hackable. Beyond SIM swaps, this includes more advanced social engineering attacks. Crypto SIM Swaps: Cryptocurrency investors’ wallet addresses are private because transactions are unrelated to names. Don’t share personal information online, like your cryptocurrency wallet address. If you must doxx alone, be aware of the risks and take measures.

What to Do if You Are the Victim of a SIM Swap Attack

The recommended preventative methods can only lower the risk of SIM switch hacking. Switch your SIM first. A SIM switch assault may have caused your SIM card to cease working. Test these two steps quickly to avoid network disruption.

If you’re under attack and can’t identify the swap, transfer your cryptocurrency from exchanges to a cold wallet and change the login information for unaffected accounts. Contact the affected platforms immediately to stop processing your account and find out where your money is going. A cold wallet is recommended since hackers can access your hot and cold wallets.

Call your provider to disconnect your line, which may take time. While waiting for your provider, save what you can. After everything calms down, examine the problem and make sure it doesn’t happen again. Find strategies to recover stolen funds. In extreme circumstances like Michael Terpin’s, litigation or a bounty to the hacker may be needed to retrieve the stolen assets.

Conclusion

Hacks allowing users to exchange SIM cards are concerning since mobile SIM cards can access a vast amount of personal information. We have covered potential measures Bitcoin investors can take to protect themselves and handle a SIM swap hack incident.

Following the actions mentioned above, it is recommended that you secure your accounts, regardless of whether you have ever been SIM-switched. Do your due diligence before linking your cryptocurrency wallet to any platforms promoted by popular personalities, especially if the offer seems too good to be true. This essay is solely intended for educational purposes, so please keep that in mind. Before adding new account security measures, know how they will affect your accounts.