SIM swap fraud — scams in which attackers take over victims’ phone numbers and, in the context of the cryptoeconomy, use them to gain access to or solicit cryptocurrency — is on the rise as the markets around bitcoin and other top cryptocurrencies have turned bullish again.
The latest example of the malicious trend occurred over the weekend, when a series of prominent cryptoeconomy stakeholders — several of whom were associated with Ethereum ecosystem open-source funding group MolochDAO — were hit with SIM swaps that saw an as-yet unidentified attacker break into accounts tied to their respective phone numbers.
One of the episode’s targets was SpankChain chief executive officer and MolochDAO founder Ameen Soleimani, who said the culprit attempted to reset his Telegram account.
Apparently @MolochDAO members are under SIM swap attack. Reminder to use 2fa apps and don’t use text verification for anything (especially gmail).
— eric.eth (@econoar) May 26, 2019
Notably, Telegram has been a focus of this latest blitz of swaps. During the same time frame, blockchain developer Rick Dudley experienced a similar reset attempt on their Telegram profile, whereas TruStory founder Preethi Kasireddy’s Telegram was successfully breached and used to solicit bitcoin from her contacts.
My phone was hacked.
Hacker logged into my @telegram account and messaged a bunch of folks asking for BTC.
PSA: If you got a message from me asking for BTC, that was not me.
— Preethi Kasireddy (@iam_preethi) May 25, 2019
For example, the attacker reached out to Kasireddy’s boyfriend via the encrypted messaging app, unaware or at least not caring that the TruStory founder’s partner would instantly recognize the message as fraud.
In rather unconvincing fashion, the attacker had assumed Kasireddy’s identity and written:
“I was wondering if you’d be able to loan me 1 BTC for a week. I’m out of town and don’t have access to my Ledger wallet until I get back. I can repay you 1.1 BTC when I’m back.”
Due to the timing and similarity of the attacks, it seems likely it’s the work of the same actor or group of actors. Hoard community manager Chris Robison has hailed the events as a “mass coordinated attack,” while Golem comms specialist María Paula has speculated the swaps are coming “from an organized group w/ a Discord channel and all.”
A growing chorus of victims are arguing that employees at major phone service providers like T-Mobile and AT&T are being bribed to help attackers facilitate the swaps. If true, the employees being bribed are presumably supervisors who have the authority to change users’ accounts with little, if any, oversight.
Wow. Crazy. Employees getting bribed to port sims. Particularly lucrative for 2fa protecting crypto. https://t.co/G2nM0vQDDe
— Simon de la Rouviere (@simondlr) May 26, 2019
As for the swappers themselves, they target high-profile cryptocurrency users — e.g. Soleimani, Kasireddy, and Dudley — who are pegged as having large cryptocurrency holdings or enough social capital that their identities could be leveraged to solicit crypto from others.
Indeed, SIM swappers can try to breach social media accounts for the purposes of social engineering, e.g. Kasireddy’s attacker, or they can go directly after cryptocurrency by breaking into users’ crypto exchange accounts.
Of course, that latter vector only works if compromised users keep digital assets on an exchange instead of, say, a hardware wallet. An unfortunate example of this style of takeover fraud occurred earlier this month to Sean Coonce, an engineer with BitGo.
Coonce published a blog post on May 20th dubbed “The Most Expensive Lesson of My Life: Details of SIM Port Hack,” in which he outlined how a malicious agent swiped around $100,000 USD worth of cryptocurrency from the engineer’s Coinbase account after his SIM was compromised.
At the end of his public service announcement, Coonce cautioned that the incident was preventable. He wrote:
“I can’t stop thinking about the small, easy things I could have done to protect myself along the way.”
So what can everyday cryptocurrency users do to avoid falling victim in the same way? One starting point is to remove your phone number’s association with any accounts linked to services of value, e.g. your email.
Yet even with these mitigation options, SIM swapping is set to get worse in the cryptoeconomy until major mobile service providers find ways to tackle the problem more seriously from their end. It’s currently estimated that more than $50 million worth of crypto has been stolen through takeover fraud since the beginning of last year.