The SIM Swap Threat to Cryptocurrency

We’re all aware of the importance of online security, but what about the security of the IT providers you rely on?

Hacks on global platforms like Facebook expose the data of millions of users, but on a more personal level, this year has seen the emergence of SIM swapping as a technique for stealing cryptocurrency. Hackers capture a target’s phone number through their telecommunications provider to sidestep SMS-based two-factor authentication and access their crypto wallet.

Unlike many transfers of standard currencies from an account, which can more easily be tracked, cryptocurrency thieves can put the stolen tokens up for sale on an online cryptocurrency exchange forum or social platform and quickly launder and shift the stolen funds.

Many of the more than 140 different active exchanges do not necessarily conform to financial service best practice or have transparent ownership, which often makes the issue of tracking and securing lost funds even more difficult, although most exchanges require ID verification.

As reported by ZDNet, the men arrested for the theft of Crowd Machine Compute Tokens (CMCT) on September 22 are the fourth and fifth suspects arrested in the USA for SIM swapping this year.

In August, Michael Terpin, a crypto investor from the US, filed a US$224 million lawsuit against AT&T, which he has accused of “gross negligence” that caused him to lose $24 million in cryptocurrency. According to Cointelegraph, the Terpin case could be a legal precedent for SIM swapping scams.

SIM swappers look for personal information on a target to help convince their phone-provider’s technicians and customer support workers to port the target’s number over to another phone, often without needing to prove their identity.

This was the case with a number of T-Mobile customers earlier this year where hackers used a bug to access their personal information and impersonate them to take control of their online identities.