SIM Swapping Attacks to Steal Cryptocurrency to Become Prominent

Fortify Security Team
Aug 24, 2021

Unidentified actors are conducting subscriber identity module (SIM) swap attacks and stealing cryptocurrency from victims, resulting in financial loss to cryptocurrency investors. Reporting indicates that unidentified actors withdrew cryptocurrency worth over $600,000 from accounts belonging to victims after successful SIM swap attacks.

  • On 9 May 2021, unidentified actors used a SIM swap attack and email intrusion to withdraw assets worth $380,000 from the Kraken cryptocurrency exchange account of a victim.
  • On 25 April 2021, unidentified actors called T-Mobile and swapped the SIM of a victim; when the victim logged into their Coinbase account, $15,000 in cryptocurrency was missing. The victim was initially unable to log into their email and Coinbase account and had to change their password.
  • On 5 March 2021, unidentified actors called T-Mobile and swapped the SIM of a victim; the actors accessed three of the victim’s email accounts and reset passwords for their cryptocurrency accounts, which all had dual-factor authentication. The victim was unable to access their cryptocurrency accounts containing $180,000 to $200,000 in cryptocurrency and believed it was likely lost.
  • On 14 August 2020, unidentified actors swapped the SIM of a victim with Sprint service in Gibson City, Illinois. The actors accessed the victim’s Yahoo and Coinbase accounts and transferred cryptocurrency worth at least $66,000 out of the victim’s account.

Criminal actors have used SIM swapping to facilitate cyber-crimes since at least 2008. Criminals have used the technique for various crimes, including acquiring access to celebrity accounts, committing toll fraud, accessing email accounts, and obtaining access to virtual private networks (VPNs). The use of SIM swapping to steal cryptocurrency seems to have become more prevalent starting in 2017. In January 2020, five wireless carriers used insecure authentication challenges which could be subverted by attackers.

Cryptocurrency has increasingly become an attractive route for investment in the United States; 13 percent of recent survey respondents believed Bitcoin was the best way to invest, up from 2 percent in 2017, and 47 percent of respondents indicated they trusted Bitcoin over big banks, an increase from 29 percent in 2017. Another recent survey of 3,000 adults revealed 14 percent of the U.S. population owned cryptocurrency and 13 percent of U.S. adults planned to purchase cryptocurrency in the next 12 months. Between September 2020 and April 2021, the exchange rate between Bitcoin and the U.S. dollar rose from $10,804 to $62,851 before falling to $36,498 in May 2021.

As authentication security issues persist and cryptocurrency value and investment increase, criminals very likely will increase SIM swapping attacks, resulting in further financial loss to victims. Mobile telephone carriers should consider implementing security procedures which prevent social engineering of their representatives and encouraging the public to disable the ability to use text messages as a dual-factor authentication method, especially for financial and email accounts.

