$1 Million Stolen As Crypto “Sim Swappers” Attack Again

From crypto-based mining to identity fraud, criminals looking to exploit the cryptocurrency industry seem to be coming up with new and innovative ideas everytime the security systems get one step ahead of them. These relentless crypto hackers are no doubt ambitious, resourceful and smart enough to quickly figure out exactly where the system’s armor is the thinnest.

Another one of these devious scams has turned out to be “Sim Swapping.” This time, the hackers were able to gain access into the phone of a Silicon Valley executive and managed to get away with $1 million worth of cryptocurrency, according to a CNBC report.

What is Sim Swapping?

Sim Swapping is a criminal act in which the person gains unauthorized access to the victim’s phone without letting the victim know that their phone has been breached. Cryptocurrency is but one of the vulnerabilities in this attack – when the attackers gain access to a phone, the victim’s bank account credentials, credit/debit card details and other sensitive information are just as much at risk of being misused.

To orchestrate the attack, the criminal first gathers a plethora of data on the victim including their name, address, date of birth and home phone number.

After gathering all relevant information, the attacker calls the victim’s phone service provider claiming to have had their phone lost or stolen. If they can successfully convince the provider that it is indeed the victim calling, then the provider transfers over all of the victim’s data stored on that SIM card over to the attackers.

How did they manage to steal $1 million?

This attack was just another one in a long list of similar Sim Swapping attacks, and this probably won’t be the last time. In early 2018, it was reported that a U.S. investor was also attacked by Sim Swappers and lost $24 million in the theft. Similar to the current attack, this one also happened when attackers gained access to the victim’s personal information.

Since the attack, the Silicon Valley executive has sued his telecom provider that facilitated the swap, AT&T and claimed damages of an estimated $224 million. The plaintiff alleged negligence on a large scale by the telecom provider.

More recently, a group of Sim Swappers attacked the crypto project Crown Machine and resulted in the loss of around $14 million. The project was storing their native CMCT tokens on an online mobile wallet, and upon stealing the tokens, the attackers transferred the tokens to third-party crypto exchange to inconspicuously trade them mixed with other cryptocurrencies. Two of the attackers, Joseph Harris and Robert Fletcher Childers were eventually arrested.