SIM Swapping Attacks to Steal Cryptocurrency to Become Prominent

Fortify Security Team
Aug 24, 2021

Unidentified actors are conducting subscriber identity module (SIM) swap attacks and stealing cryptocurrency from victims, resulting in financial loss to cryptocurrency investors. Reporting indicates that unidentified actors withdrew cryptocurrency worth over $600,000 from accounts belonging to victims after successful SIM swap attacks.

  • On 9 May 2021, unidentified actors used a SIM swap attack and email intrusion to withdraw assets worth $380,000 from the Kraken cryptocurrency exchange account of a victim.
  • On 25 April 2021, unidentified actors called T-Mobile and swapped the SIM of a victim; when the victim logged into their Coinbase account, $15,000 in cryptocurrency was missing. The victim was initially unable to log into their email and Coinbase account and had to change their password.
  • On 5 March 2021, unidentified actors called T-Mobile and swapped the SIM of a victim; the actors accessed three of the victim’s email accounts and reset passwords for their cryptocurrency accounts, all of which had dual-factor authentication. The victim was unable to access their cryptocurrency accounts containing $180,000 to $200,000 in cryptocurrency and believed it was likely lost.
  • On 14 August 2020, unidentified actors swapped the SIM of a victim with Sprint service in Gibson City, Illinois. The actors accessed the victim’s Yahoo and Coinbase accounts and transferred cryptocurrency worth at least $66,000 out of the victim’s account.

Criminal actors have used SIM swapping to facilitate cyber-crimes since at least 2008. Criminals have used the technique for various crimes, including acquiring access to celebrity accounts, committing toll fraud, accessing email accounts, and obtaining access to virtual private networks (VPNs). The use of SIM swapping to steal cryptocurrency seems to have become more prevalent starting in 2017. In January 2020, five wireless carriers used insecure authentication challenges which could be subverted by attackers.

Cryptocurrency has increasingly become an attractive route for investment in the United States; 13 percent of recent survey respondents believed Bitcoin was the best way to invest, up from 2 percent in 2017, and 47 percent of respondents indicated they trusted Bitcoin over big banks, an increase from 29 percent in 2017. Another recent survey of 3,000 adults revealed 14 percent of the U.S. population owned cryptocurrency and 13 percent of U.S. adults planned to purchase cryptocurrency in the next 12 months. Between September 2020 and April 2021, the exchange rate between Bitcoin and the U.S. dollar rose from $10,804 to $62,851 before falling to $36,498 in May 2021.

As authentication security issues persist and cryptocurrency value and investment increase, criminals very likely will increase SIM swapping attacks, resulting in further financial loss to victims. Mobile telephone carriers should consider implementing security procedures which prevent social engineering of their representatives and encouraging the public to disable the ability to use text messages as a dual-factor authentication method, especially for financial and email accounts.

