SIM Swapping Attacks to Steal Cryptocurrency to Become Prominent

Fortify Security Team
Aug 24, 2021

Unidentified actors are conducting subscriber identity module (SIM) attacks and stealing cryptocurrency from victims, resulting in financial loss to cryptocurrency investors. Reporting indicates that unidentified actors withdrew cryptocurrency worth over $600,000 from accounts belonging to victims after successful SIM swap attacks.

  • On 9 May 2021, unidentified actors used a SIM swap attack and email intrusion to withdraw assets worth $380,000 from the Kraken cryptocurrency exchange account of a victim.
  • On 25 April 2021, unidentified actors called T-Mobile and swapped the SIM of a victim; when the victim logged into their Coinbase account, $15,000 in cryptocurrency was missing. The victim was initially unable to log into their email and Coinbase account and had to change their password.
  • On 5 March 2021, unidentified actors called T-Mobile and swapped the SIM of a victim; the actors accessed three of the victim’s email accounts and reset passwords for their cryptocurrency accounts, which all had dual-factor authentication. The victim was unable to access their cryptocurrency accounts containing $180,000 to $200,000 in cryptocurrency and believed it was likely lost.
  • On 14 August 2020, unidentified actors swapped the SIM of a victim with Sprint service in Gibson City, Illinois. The actors accessed the victim’s Yahoo and Coinbase accounts and transferred cryptocurrency worth at least $66,000 out of the victim’s account.

Criminal actors have used SIM swapping to facilitate cyber-crimes since at least 2008. Criminals have used the technique for various crimes, including acquiring access to celebrity accounts, committing toll fraud, accessing email accounts, and obtaining access to virtual private networks (VPNs). The use of SIM swapping to steal cryptocurrency seems to have become more prevalent starting in 2017. In January 2020, five wireless carriers used insecure authentication challenges which could be subverted by attackers.

Cryptocurrency has increasingly become an attractive route for investment in the United States: 13 percent of recent survey respondents believed Bitcoin was the best way to invest, up from 2 percent in 2017, and 47 percent of respondents indicated they trusted Bitcoin over big banks, an increase from 29 percent in 2017. Another recent survey of 3,000 adults revealed 14 percent of the U.S. population owned cryptocurrency and 13 percent of U.S. adults planned to purchase cryptocurrency in the next 12 months. Between September 2020 and April 2021, the exchange rate between Bitcoin and the U.S. dollar rose from $10,804 to $62,851 before falling to $36,498 in May 2021.

As authentication security issues persist and cryptocurrency value and investment increase, criminals very likely will increase SIM swapping attacks, resulting in further financial loss to victims. Mobile telephone carriers should consider implementing security procedures which prevent social engineering of their representatives and encouraging the public to disable the ability to use text messages as a dual-factor authentication method, especially for financial and email accounts.

