Despite the progress in cyber-security, online identity remains vulnerable to a variety of risks, such as those associated with SIM swap attacks.
In early July, the CEO of LayerZero, Bryan Pellegrino, became one of the latest victims of this type of attack, which resulted in the hacker taking control of his Twitter account for a brief period of time.
Pellegrino believes that the hacker obtained his badge from the trash and used it as a form of identification for the SIM swap when he was leaving Collision. “It was ‘Bryan Pellegrino — speaker’ just your normal paper conference badge,” he shared with Cointelegraph.
The incident with Pellegrino has caused users to think that performing a SIM swap hack is as simple as getting someone’s badge. Cointelegraph has reached out to some crypto security firms to find out if this is the case.
What is a SIM swap hack?
SIM swapping, also known as a SIM hack, is a type of identity theft where criminals take control of a victim’s phone number and use it to access their bank accounts, credit cards or crypto accounts. According to the Federal Bureau of Investigation in the United States, the number of SIM swap complaints received in 2021 was over 1,600, with losses of more than $68 million – a 400% increase compared to the three previous years.
Hugh Brooks, the director of security operations at CertiK, noted that this type of attack is “definitely on the rise” unless SMS-based two-factor authentication is replaced and telecom providers improve their security standards. SlowMist’s chief information security officer “23pds” believes that SIM swap hacks are not yet widespread, but they have the potential to increase in the near future.
Several cases of SIM swap hacks in the crypto space have been reported in recent years. For example, in October 2021, Coinbase revealed that hackers had stolen crypto from at least 6,000 customers due to a two-factor authentication breach. In 2019, British hacker Joseph O’Connor was charged with stealing around $800,000 worth of crypto through multiple SIM swap hacks.
How difficult is it to carry out a SIM swap hack?
As per CertiK’s executive, SIM swap hacking can usually be accomplished with data that is publicly available or that can be acquired through social engineering.
“Generally speaking, SIM swapping could be seen as a lower obstacle for attackers when compared to the more technically challenging hacks such as smart contract exploits or exchange hacks,” Brooks stated.
SlowMist’s 23pds concurred that SIM swapping does not necessitate high-level technical expertise. He also pointed out that such SIM swaps are “common even in the Web2 world,” so it’s “not unexpected” to witness it in the Web3 environment as well.
“It is often easier to implement, with social engineering being used to deceive pertinent operators or customer service personnel,” 23pds said.
How to prevent SIM swapping hacks?
To protect against SIM swap attacks, users must pay close attention to their identity security.
One of the most important steps in preventing such hacks is to avoid using SIM card-based methods for 2FA verification and instead use apps such as Google Authenticator or Authy. Hacken’s Budorin also suggests using multifactor authentication and additional passwords to enhance account verification.
In addition, users should take measures to protect their personal data like name, address, phone number and date of birth, and monitor their online accounts for any suspicious activity. Platforms should also be responsible for promoting safe 2FA practices, such as requiring extra verification before any changes to account information and educating users about the risks of SIM swapping.
Furthermore, users should set strong PINs or passwords for SIM cards or mobile phone accounts.
Additional reporting by Cointelegraph editor Felix Ng.
Subscribe to our email newsletter to get the latest posts delivered right to your email.
Comments