Bitcoin itself is the most secure network and piece of record the world has ever seen. However, cryptocurrency exchanges are third party managers of your crypto wealth and often rely on centralized models. Therefore, they are much more susceptible to hacking and other cyber crimes that can result in users losing their valuable funds. Essentially, one needs to be might careful regarding the workings of these digital platforms because they are not at all backed by the technological workings of secure cryptocurrencies like Bitcoin itself.
Recently, SIM swap attacks/scams have increased in number. It is a type of attack in which a person’s SIM is hijacked to overcome the two-factor authentication process of a typical cryptocurrency exchange using illegally obtained personal information. Hackers contact the telecom company of any individual and ask them to switch the number of the to-be victim to another phone which they have access of. They use personal information of the user to convince the telecom company that it is indeed the real owner of the email who is contacting them regarding the phone change. This allows hackers to take control over the phone number of the would-be victim and then they change the passwords of emails and crypto accounts. From here onwards, the attacker can easily send funds from the user’s wallets outside of the wallet thus effectively stealing his money just because his SIM had been taken over.
This kind of information can be obtained from direct hacking or purchasing from cyber criminals. Apart from this, countries where the telecom industry is either new or is easily corrupted offer a much more direct route for sim swap attacks a.k.a simjacking attacks. Here, corrupt telecom officials can be bribed to transfer the SIM module from the user’s phone to the hacker’s phone.
SIM swap attacks are a real problem facing the digital world of today and not just for the cryptocurrency exchanges. Banks, stock exchanges, online portals, etc all face this credible threat. Social media websites are also vulnerable to these attacks. A long list of high profile attacks involving SIM swapping have occurred in recent times including famously, Twitter CEO Jack Dorsey’s own Twitter account just last year.
A reddit user also reported a direct attack on his coinbase account recently. He claimed that his Coinbase account was hacked and the password was changed without his knowledge. He tried logging on to his email to reset it and even that was changed. He also realized late enough that he had no cell service as well. He immediately reset his phone and then proceeded to login to both his email and the Coinbase accounts. Luckily, nothing was stolen yet and he was able to withdraw all of his digital coins directly into his personal ledger hardware wallet. He also got to know that his password was changed from the UK and not US where he was living right now and that made him quite sure that it was an elaborate SIM swapping scheme.
While the whole episode didn’t result in any loss of funds, it could easily have been. So, the question is that how a person can save himself/herself from SIM swap attacks like these?
The Reddit user proceeded to add 2FA for every account (from banks to his online streaming) and changed his security phone number on them. He also called his cellphone company and complained regarding the whole episode. The company gave the usual response and said that they were handing it over to the fraud department. His phone number was eventually locked and he was unable to purchase a new one from the T-Mobile center.
But, even then, the writer is unsure how to respond to issues like these. SIM swapping is a serious business and needs to be addressed even if you are not a crypto user. You do have probably a bank account, social security or other online portals where your money is present and hackers must not be allowed to access them.
Here are some of the measures you can take to save yourself from SIM swapping attacks:
While machinations behind the workings of SIMs are extremely complex and not easy to understand for many, one thing is extremely important and that is every user can attach a PIN number to his/her mobile phone number. The PIN number can be an extremely useful tool as without its possession, SIM swaps cannot occur and thus, hackers have an additional discretionary information to dig before they can make SIM swap and steal your money.
Every major US telecom operator offers the option to attach a PIN number with a SIM. While it won’t help against an insider threat, it will surely help you against other attacks. Most of the world’s telecom operators also offer this service even though they don’t advertise it. But, once the PIN has been attached, do remember it because it controls the functions of your SIM and if you one day need to swap it across phones, you will need it.
2 Factor authentication is still the most effective way to counter against any SIM swap attacks. But what to do if a person’s SIM is hijacked and thus the 2FA compromised? Third party apps like Google authenticator and Authy add another layer of security as they are tied to your physical device like the phone or the PC from which you access different services. Thus, faking to be your phone adds another headache to potential hackers in addition to faking your SIM card.
There are physical 2FA authentication approaches as well. They include products like Yubikey and others. They need a separate physical device to actually enter the system to help verify your identity. So, in addition to hackers having to compromise your SIM card and your phone/PC, hackers will also need to be in control of this actual physical key to take key actions within that platform. Not all platforms offer these robust 2FA authentications but cryptocurrency exchanges almost universally have those.
Other measures that a user can take to protect his funds from SIM swap attacks include keeping a secret phone number for the 2FA process. Most people’s phone numbers are public and thus they can be directly attacked through SIM swaps so it is better to keep a private phone number for this purpose that you donot use. While this approach has its pros and cons as you would be required to put in additional work over it. But, it can be extremely useful.
Vigilance is the most important way to negate these cyber attacks. The Reddit user we discussed above is a good example as he immediately understood what was going on and proceeded to take countermeasures in an instant. His response probably saved his money. Users need to be similarly vigilant. If your SIM card is not getting picked up by your phone, then it is an immediate red flag. You must call your cellphone company and get your SIM back to your phone. The longer these crooks are able to control your SIM, the more vulnerable your money becomes.
In the digital world, there is no such thing as absolute online security and one way or another, users are vulnerable to attacks. So, following these elementary, yet extremely important steps can help you eliminate or mitigate any cyber attacks on your cryptocurrency exchanges or even other personal platforms.
Image source: pixabay.com
Don’t worry, we hate spam too
one weekly digest, just the important stuff.