Wave of SIM swapping attacks hit US cryptocurrency users
Numerous members of the cryptocurrency community have been hit by SIM swapping attacks over the past week, ZDNet has learned, in what appears to be a coordinated wave of attacks.
SIM swapping, also known as SIM jacking, is a type of ATO (account takeover) attack during which a malicious threat actor uses various techniques (usually social engineering) to transfer a victim’s phone number to their own SIM card.
The purpose of this attack is to let hackers reset passwords or receive 2FA verification codes and access protected accounts.
These types of attacks have been going on for half a decade now, but they exploded in 2017 and 2018, when attackers started focusing on members of the cryptocurrency community so they could gain access to online accounts used for managing large sums of Bitcoin, Ethereum, and other cryptocurrencies.
But while these attacks were very popular last year, this year the number of SIM swapping attacks appeared to have gone down, especially after law enforcement started cracking down and arresting some of the hackers involved in these schemes.
SOMETHING HAPPENED LAST WEEK
But despite a period of calm in the first half of the year, a rash of SIM swapping attacks has been reported in the second half of May, and especially over the past week.
3 SIM swap attacks in my feed these past days. All from the US. What the fuck is going on?
Ps. 2FA EVERYTHING AND DON’T USE A SINGLE ACCOUNT
— María Paula, not Maria (@MPtherealMVP) May 25, 2019
Apparently @MolochDAO members are under SIM swap attack. Reminder to use 2fa apps and don’t use text verification for anything (especially gmail).
— Eric Conner (@econoar) May 26, 2019
Fuck I am getting sim swapped.
— 👹 Cassandra Shi (@cassshih) May 25, 2019
My personal identity was hacked last week. The attacker was able to steal $100k+ in a sweep of my Coinbase account. I’m equal parts embarrassed, hurt, and deeply remorseful.
In an effort to raise awareness about the attack, I wrote about it here: https://t.co/ZnbB0AN6Gd
— Sean Coonce (@cooncesean) May 20, 2019
All of the users listed in the tweets above are connected in one way or another to the cryptocurrency community.
Some of them have publicly admitted to losing funds, such as Sean Coonce, who penned a blog post about how he lost over $100,000 worth of cryptocurrency due to a SIM swapping attack.
SOME VICTIMS AVOIDED GETTING HACKED
ZDNet also spoke with some of the other victims over the weekend. Some candidly admitted to losing funds, while others said the SIM swapping attacks were unsuccessful because they switched to using hardware security tokens to protect accounts, instead of the classic SMS-based 2FA system.
One victim, who wanted to remain anonymous, said that once hackers realized access to cryptocurrency exchange accounts was not possible, intruders quickly switched tactics and targeted social media and email accounts, successfully hijacking the victim’s Instagram account.
This exact same thing also appears to have happened to other users, with hackers taking over social media accounts over the past week when they realized they couldn’t access cryptocurrency accounts.
PSA: If you have @TMobile as your Cell provider, someone was able to convince them to swap the SIM on one of the lines on my account at 10 PM last night without my authorization and used it to break 2-factor authentication, and gain access to an @instagram account.
— Hunter Bond 🔜E3 (@BondHunterBond) May 27, 2019
My phone was hacked.
Hacker logged into my @telegram account and messaged a bunch of folks asking for BTC.
PSA: If you got a message from me asking for BTC, that was not me.
— Preethi Kasireddy (@iam_preethi) May 25, 2019
SIM SWAPPING ATTACKS HAPPENED IN THE US ALONE
The majority of these SIM swapping attacks appear to have taken place over the last week alone, and targeted US-based users only.
While some of the users who reported SIM swapping attacks on Twitter said they were T-Mobile customers, the issue isn’t limited to T-Mobile alone.
In conversations that ZDNet had with other victims, some revealed they were also AT&T customers.
In an interview last year, Caleb Tuttle, a detective with the Santa Clara County District Attorney’s office, said SIM swapping attacks happen in one of three ways.
The first is when the attacker bribes or blackmails a mobile store employee into assisting in the crime. The second involves current and/or former mobile store employees who knowingly abuse their access to customer data and the mobile company’s network. Finally, crooked store employees may trick unwitting associates at other stores into swapping a target’s existing SIM card with a new one.
Whatever happened over these past two weeks, the perpetrators won’t be able to hide for long.
If there’s one thing we have learned so far, it is that SIM swappers rarely get away with their crimes, mainly because there’s way too much logging happening at telecom providers for the attackers to have a clean getaway.