SIM Swapping Attacks to Steal Cryptocurrency to Become Prominent

Fortify Security Team
Aug 24, 2021

Unidentified actors are conducting subscriber identity module (SIM) attacks and stealing cryptocurrency from victims, resulting in financial loss to cryptocurrency investors. Reporting indicates, unidentified actors withdrew cryptocurrency worth over $600,000 from accounts belonging to victims after successful SIM swap attacks.

  • On 9 May 2021, unidentified actors used a SIM swap attack and email intrusion to withdraw assets worth $380,000 from the Kraken cryptocurrency exchange account of a victim.
  • On 25 April 2021, unidentified actors called T-Mobile and swapped the SIM of a victim; when the victim logged into their Coinbase account, $15,000 in cryptocurrency was missing. The victim was initially unable to log into their email and Coinbase account and had to change their password.
  • On 5 March 2021, unidentified actors called T-Mobile and swapped the SIM of a victim; the actors accessed three of the victim’s email accounts and reset passwords for their cryptocurrency accounts, which all had dual-factor authentication. The victim was unable to access their cryptocurrency accounts containing $180,000 to $200,000 in cryptocurrency, but they believed it was likely lost.
  • On 14 August 2020, unidentified actors swapped the SIM of a victim with Sprint service in Gibson City, Illinois. The actors accessed the victim’s Yahoo and Coinbase accounts and transferred cryptocurrency worth at least $66,000 out of the victim’s account.

Criminal actors have used SIM swapping to facilitate cyber-crimes since at least 2008. Criminals used the technique for various crimes, to include acquiring access to celebrity accounts, committing toll fraud, accessing email accounts, and obtaining access to virtual private networks (VPNs). The use of SIM swapping to steal cryptocurrency seems to have become more prevalent starting in 2017. In January 2020, five wireless carriers used insecure authentication challenges which could be subverted by attackers. Cryptocurrency has increasingly become an attractive route for investment in the United States; 13 percent of recent survey respondents believed Bitcoin was the best way to invest, up from 2 percent in 2017 and 47 percent of respondents indicating they trusted Bitcoin over big banks, an increase from 29 percent in 2017. Another recent survey of 3,000 adults revealed 14 percent of the U.S. population owned cryptocurrency and 13 percent of U.S. adults planned to purchase cryptocurrency in the next 12 months. Between September 2020 and April 2021, the exchange rate between Bitcoin and the U.S. dollar rose from $10,804 to $62,851 before falling to $36,498 in May 2021.

As authentication security issues persist and cryptocurrency value and investment increases, criminals very likely will increase SIM swapping attacks resulting in further financial loss to victims. Mobile telephone  carriers should consider implementing security procedures which prevent social engineering of its representatives and encouraging the public to disable the ability to use text messages as a dual-factor authentication method, for financial and email accounts especially.


Recent Posts

Ransomware Attacks on Agricultural Cooperatives

The Federal Bureau of Investigation (FBI) is informing Food and Agriculture (FA) sector partners that ransomware actors may be more likely to attack agricultural cooperatives during critical planting and harvest seasons, disrupting operations, causing financial loss,...

Stabbing Attack Injures Multiple Victims on Passenger Train

A yet to be identified male attacker, armed with a knife, stabbed at least 10 passengers on board a commuter train in the Japanese capital, Tokyo, on Friday night, August 6. The attack occurred on an evening commuter train in Tokyo's Setagaya ward, which is located in...

Beware of Grandparent Fraud Scheme Using Couriers

Criminal actors target elderly U.S. citizens in a grandparent fraud scheme in which they arrange for couriers to pick up bail money in person at the victim’s residence. Criminals telephonically contact their victims and pose as a grandchild, or another family member,...

Xylazine Abuse Presents Potential for Weaponization

Xylazine abuse and overdoses have occurred since at least the 1980s, however, within the last decade, several U.S. states and territories have reported spikes in xylazine misuse, including Texas, Maryland, Pennsylvania, and Puerto Rico. As a non-opioid sedative,...