P Xenos and M Bacina

$24 million worth of bitcoin lost in a SIM swap attack

A crypto investor (Michael Terpin) has lost bitcoin worth as much as $US24 million after falling victim to a SIM swapping attack in which 1,500 bitcoins were stolen.


It was reported that the thefts occurred due to the hackers taking control of the investor's phone number and using Google’s “Forgot password?” feature to gain access to his email. With possession of the two personal accounts, the thieves hacked Terpin’s crypto wallet, stole the digital assets and quickly sold them.

SIM swapping is quickly becoming a more prevalent and significant cause for concern, particularly in the US. Historically it has been tied more closely to identity theft. However, the rise of mobile phones being used as a two-factor authentication device (via SMS) has driven a corresponding rise in SIM swapping, because control of the phone number lets hackers move on to seize control of (and empty) bank accounts, run up massive phone bills to paid services, and steal cryptocurrencies.


SIM swaps are incredibly precise and have been rampant over the past year. Major examples include the SIM swap attack on Twitter CEO Jack Dorsey on August 30 and, more notably, California resident Seth Shapiro's lawsuit against wireless service giant AT&T, in which it was alleged that AT&T employees helped to perpetrate a SIM swap which resulted in the theft of over $1.8 million in total, including cryptocurrencies.


What can you do to avoid becoming a victim of online crime? Here are a few simple steps that can make a big difference:

  • Stop using SMS two-factor authentication; use Google Authenticator or another third-party tool instead (and back up your restoration phrase in hard copy!);

  • Switch to a password manager with a very strong master password (1Password and LastPass are great options);

  • Lock down your social media privacy settings, keep your birthday details offline and don't post anything you wouldn't be comfortable being on the front page of the newspapers/Google;

  • Switch to secure browsing services like Brave or DuckDuckGo to reduce the amount of your data which is being collected online;

  • Pay for content: searching for pirated material is increasingly a fast way to get hacked.

© Michael Bacina. All rights reserved
