Cryptocurrency theft can come in many different forms. Exchanges can be hacked, or users can fall victim to phishing attacks. There are also the exit scams performed by illicit trading platforms. All of those options aside, the biggest threat comes in the form of SIM swapping. One cryptocurrency trader is now suing AT&T after this fraudulent SM swap caused a loss of $1.8m worth of crypto.
Explaining the SIM Swap
Criminals all over the world have been looking for ways to bypass two-factor authentication measures associated with the login credentials. In most cases, the 2FA verification is linked to a mobile phone number. Customers will usually get an SMS containing a one-time code which needs to be entered when logging in or when performing specific functions on the platform. It is an extra layer of security that doesn’t introduce too much inconvenience. It is also a free way to protect one’s account from unauthorized use.
Keeping that information in mind, it is only normal criminals are looking for ways to obtain access to these mobile phone numbers. The easiest method is to force a SIM swap and give ownership over the phone number to someone else. To do so, criminals need to get in touch with the company providing services for the phone number and bypass a few security questions. Most of the security question-related information is retrieved from social media, or other means necessary. Once the process is complete, the criminals can bypass two-factor authentication and abuse cryptocurrency accounts as they see fit.
AT&T Faces a Lawsuit
Seth Shapiro is one of the individuals who fell victim to a fraudulent SIM swap in recent times. He claims the provider in question – which is AT&T – is responsible for allowing criminals to take over his phone number. In his complaint, he mentions how there is a lack of proper procedures and systems to prevent such fraudulent efforts from taking place. He also has shared how criminals obtain unauthorized access to his wireless account at least four different times, indicating there were numerous attempts to take over his phone number which did not succeed. As such, his account should have been flagged and any further requests should have been ignored.
Once the hackers completed their SIM swap, they were able to take control of his personal and digital finance accounts. Which exchanges or online wallets were involved in this process, has not been disclosed at this time. The criminals managed to steal $1.8 million worth of various cryptocurrencies from these accounts in quick succession. Not only does AT&T face a lawsuit over their security practices, but Shapiro also alleges the employees deliberately allowed criminals to take over his account for monetary gain. That is a very serious allegation which might not be that easy to prove.
Keep Funds off Exchanges
Incidents like these are precious in their own regard. Not only will it serve as a warning to mobile providers who tend to let these events transpire without repercussions, but it’s also valuable to cryptocurrency users. Just because an online account is protected by two-factor authentication doesn’t make it safe. Funds should never be kept in an account others could access. Instead, it is much safer to store funds offline, either by using a hardware wallet or other device that is never connected to the internet.