SIM swap attacks don’t require much technical expertise, so it’s crucial for users to be vigilant about protecting their identity.
Despite advancements in cybersecurity, online identity remains vulnerable to various risks, including attacks targeting users’ phone numbers.
In early July, LayerZero CEO Bryan Pellegrino fell victim to a SIM swap attack, temporarily granting hackers control over his Twitter account.
“I believe someone took my conference badge from the trash and somehow convinced a representative to accept it as proof of my identity for the SIM swap while I was leaving Collision,” Pellegrino shared after regaining control of his account.
“Just a regular paper conference badge with ‘Bryan Pellegrino — speaker’ on it,” Pellegrino told Cointelegraph.
This incident might lead people to assume that executing a SIM swap hack is as simple as snatching someone’s badge. To shed light on the matter, Cointelegraph reached out to cryptocurrency security firms for insights.
What is a SIM Swap Hack?
A SIM swap hack is a form of identity theft where attackers take control of a victim’s phone number, enabling them to access bank accounts, credit cards, or cryptocurrency wallets.
In 2021 alone, the United States Federal Bureau of Investigation received over 1,600 SIM swapping complaints involving losses exceeding $68 million. This marked a 400% increase compared to the previous three years, indicating a concerning rise in SIM swapping cases, according to Hugh Brooks, CertiK’s director of security operations.
“Unless we move away from SMS-based two-factor authentication (2FA) and telecommunication providers enhance their security standards, we can expect the number of attacks to continue growing,” Brooks warned.
“23pds,” the chief information security officer at SlowMist, shared that while SIM swapping isn’t yet widespread, it possesses significant potential for further proliferation. He stated:
“As Web3 gains popularity and attracts more individuals, the likelihood of SIM swapping attacks also rises due to its relatively lower technical requirements.”
The SlowMist executive highlighted several SIM swap hack incidents in the crypto space over the past few years. For instance, in October 2021, Coinbase revealed that hackers had stolen cryptocurrencies from at least 6,000 customers due to a breach in two-factor authentication (2FA). Additionally, British hacker Joseph O’Connor faced charges in 2019 for pilfering around $800,000 in crypto through multiple SIM swap hacks.
How Difficult Is It to Execute a SIM Swap Hack?
According to CertiK’s Brooks, SIM swap hacks often rely on publicly available information or data obtained through social engineering.
“Compared to technically complex attacks like smart contract exploits or exchange hacks, SIM swapping can be seen as a relatively easier entry point for attackers,” Brooks explained.
SlowMist’s “23pds” agreed that high-level technical skills aren’t necessary for SIM swapping. They also emphasized that such attacks are prevalent not only in the Web3 environment but also in the Web2 world.
“It’s often easier to execute using social engineering tactics to deceive relevant operators or customer service personnel,” 23pds added.
Preventing SIM Swap Hacks
Since SIM swap attacks don’t demand advanced hacking skills, users must prioritize safeguarding their identity to thwart such breaches.
The primary defense against SIM swap attacks is to avoid relying on SIM card-based 2FA verification methods. Instead of using SMS, it’s better to opt for apps like Google Authenticator or Authy, as recommended by Budorin from Hacken.
SlowMist’s 23pds suggested additional preventive measures, such as implementing multifactor authentication and enhancing account verification through the use of extra passwords. They also strongly advised users to set strong PINs or passwords for their SIM cards and mobile phone accounts.
By adopting these precautions, users can significantly reduce the risk of falling victim to SIM swap attacks and ensure better protection for their online identities. Stay vigilant and take the necessary steps to secure your digital presence.