Last week, NewsBTC put a spotlight on the increasing need for account security for crypto investors, due to an emerging trend of SIM-port hacks that have resulted in investors having their accounts completely drained by cyber criminals. These cyber criminals gain access to a crypto investor’s phone number with the goal of intercepting SMS-based authentication codes that will allow the hackers easy entry into the investor’s sensitive accounts, such as personal email accounts, or even direct access to crypto exchanges themselves where assets are held.
Since then, reports of an additional 15 more crypto community members have been targeted in like-cases of SIM-port hacks, demonstrating how this emerging trend is rapidly becoming a major threat for all crypto investors.
More Crypto Investors Fall Victim to Growing SIM-Port Hack Crime Spree
According to Andrew Kang, co-founder of MinerUpdate and a new crypto startup called Stealth, he and 15 other members of the cryptocurrency community have fallen victim to a SIM-port hack.
Sim Swapped. Phone number ported. Thanks @TMobile
That’s at least 15 of us in the crypto community in the last week.
— Andrew Kang (@Rewkang) June 1, 2019
In most cases, these hacks result in a crypto investor’s accounts being wiped out. In Kang’s case, no losses have been reported and according to the former venture capitalist the hackers were only able to access a Telegram account due to his reliance on authenticator-based two-factor authentication instead of the SMS-based authentication the hackers had been targeting.
Related Reading | Google U2F Security Expert: Crypto is Like Catnip for Cyber Criminals
Hackers pose as an individual, claiming to be reporting a lost or stolen phone. The hackers are then able to gain control of the individual’s phone number, and use it to intercept SMS-based text messages containing sensitive account authentication codes. These codes area then used to gain entry into the individual’s Gmail account or other accounts, which are often tied to more sensitive accounts such as bank accounts or cryptocurrency exchanges.
In Kang’s case, having either Google Authenticator or Authy set up may have prevented him from experiencing any loss related to crypto assets he had stored on an exchange or web wallet. Others in recent reports haven’t been so lucky, as was the case with Sean Coonce, Engineering Leadership at BitGo, who published a story about how he learned the most expensive lesson of his life by not taking further precautionary steps to secure his crypto assets.
Interestingly, Kang and others who were affected in this latest string of attacks claim to have had “special instructions” in place on their T-Mobile accounts – instructions that were clearly ignored by company employees who were either negligent or working in cooperation with the hackers, as some crypto community conspiracy theorists suspect.
Related Reading | Pro League of Legends Gamer Robbed of $200K in Crypto in Sim-Hack
This past week, Coinbase enabled support for U2F (Universal 2nd Factor) security keys that add an additional layer of protection by requiring the physical key be in the account holder’s possession at the time of login. This prevents any hackers from illegally gaining access, and such an extra step will do away with any risk of SIM-port attacks and is a step all crypto investors should consider taking as this trend continues to grow.