BlockchainBusiness & FinanceSpotlight

SIM Swap Attacks Pose A Serious Threat to Your Hot Wallets & Crypto-Linked Accounts, Says Co-Founder & General Partner Morgan Creek Digital

SIM swap attacks are becoming a much greater threat to the world of cryptos with each passing day. If a SIM swap attack happens to you, you might lose all the money you have in cryptos. Everyone using a SIM in their phone is prone to this attack and even the greats of this game are not immune, such as Jason Anthony Williams, the co-founder of Morgan Creek Digital Assets and the Chief Executive Officer of the North Carolina-based project PRTI Inc. aimed at processing waste tires and converting them into valuable commodities.

Jason recently lost millions of dollars worth of cryptocurrencies through a SIM swap attack while he was working abroad. Through this attack, the hackers are able to convince your SIM carrier to shift all the activities of your number onto a new device. This happens after they have gotten some of the personal information linked to your account’s security such as birthdate, full names, address etc. Since phone-based authentication procedures are on the rise, the hackers can then use your phone numbers to reset the passwords linked to your online accounts. The result, your personal identity stolen with your crypto accounts in the hands of the hackers.

Jason became a victim of these SIM swap attacks thrice. Talking to BlockPublisher about the first incident of this attack back in November of this, he said:

Jason: “I was overseas and I was working actually at about 12 AM where I was. I was on my phone and I noticed all of a sudden that my SIM card shut off, I had no service. I immediately went into my settings and it showed that my SIM card had been deactivated. I had known about the sim-swap attacks and doxxing but I had never experienced it. In the next 12 hours, all hell broke loose for me.

I had no access to my email because after they SIM swapped my phone, they were able to change all of my email passwords and most of us have combinations of hot wallets, exchanges that we domicile our crypto on. So once the hackers were able to SIM swap my phone and then take control of my email, they were able to change my passwords on my crypto accounts and also two-factor authenticate those passwords because they use your cell phone to get the text message to validate the change of password.

Big security issue for those who are keeping their crypto in hot wallets or exchanges.”

Jason then pointed out another important detail linked to this attack so that people can stay alert and remain protected. He said:

Jason: “I was mining, in a pretty mature way, and when they [hackers] SIM swapped my phone they were able to see my mining app, so they knew which mining pool I was in. Then they were able to change my passwords in my mining pool but more detrimental than that, they were able to change the bitcoin address in my mining pool and redirect my mine to their new address and lock it. I wasn’t able to redirect the bitcoin.”

Now, this is a very serious issue that needs to be highlighted in the crypto community right now. Locking bitcoins in another address after a hack, that is surely something to worry about.

Jason: “They essentially stole my mine. If you redirect the bitcoin address of your mine, you have lost your miners.

My only recourse was to dump the router. So, I was able to contact my mine manager and have them pull the plug on the router. I did continue to give these hackers bitcoin, and then I was able to stand up a new mining pool, redirect the mine to that new site and then lock the bitcoin address myself.”

This is how Jason took the control back after the first incident.

Talking about the second incident, Jason said:

Jason: “And then, this was in December, I got SIM swapped again. I had gone to my carrier and told them, under no circumstances are you to issue a new SIM card for my phone unless it’s in Raleigh, North Carolina, at the store, and the person has two forms of identification. But nope, they issued a new SIM card to someone at a store. I mean this is a major issue for cell phone carriers, they don’t have good custody of your information.

This is the third SIM swap attack I have had. I want to sue my carrier at this point for the millions of dollars I lost.”

Besides this, the hackers are even threatening Jason for money. During the SIM Swap attack, the hackers also got into the social media accounts of Jason and many people were approached by them in scam businesses.

Jason: “You know I lost a lot of money and time on this, but what really breaks my heart is the people that follow me on social media, a lot of them were scammed for cryptos by these hackers through my social media accounts. It makes me so sad, I wish there was more I could do to fight this. I am working hard to try to come up with solutions. But it’s not a good situation. Again, we are so early in this whole crypto game, there are just no good solutions.

The cell phone SIM swap hack is a massive issue for crypto.”

Talking about how this issue could be solved, Jason suggested using the older tech in order to ensure some security.

Jason: “I think we have to use like retrograde technology application. You have to step back. You don’t want to use more technology to fight this, you have to use less. We have to put time delays in for withdrawals of cryptos. We need to put in biometric solutions to change passwords.

We have to use cold, dark storage devices to keep our cryptos safe. Those things have to be offline and we probably need to use some type of non-human opportunity to reconnect those computers that are in cold storage. Those are all new opportunities for smart business people to build new businesses to protect the users.”

SIM swap is a real issue. People need to be more aware of the situation. Personal information linked to your account’s security should be kept safe. Alerts should be set up for false attempts of logging into your accounts. Two-factor authentication should be set up for your private accounts. Services that do not require mobile phone numbers should be provided with the phone numbers. There are also some authentication apps present such as Google Authenticator, Authy etc. that can certainly prove to be helpful. PINs and passcodes provided by the US cell phone providers can also be used to separate your number from your account.

The prospects offered by the world of blockchain and cryptos seem revolutionary, but since this world is still in its nascent phase, the need of the hour is to stay vigilant.

Updated On 1/1/2019 10:11 PM PKT for a slight adjustment.

Ahsan Khalid

Blockchain Developer. An Electrical Engineer with majors in software development. I present forward my insight regarding the latest happenings of the blockchain world. All views on my articles are my own. Email: ahsan@blockpublisher.com or editor.news@blockpublisher.com

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.