Contents
What Is a Cell Phone SIM Swap Attack?
A SIM swap attack happens when a bad actor has your SIM card information transferred from your phone onto theirs. Although this can happen if they have stolen your phone and removed the SIM card, more often this is done remotely.
Updated October 6, 2021 • 2 min read
Summary
SIM swap attacks occur when hackers attempt to gain access to your phone and lock you out with the intent to gain access to your important accounts, which may include cryptocurrency wallets. Unfortunately, if you are the victim of a SIM swap and your funds are stolen, you do not have much recourse. It is therefore important to secure your accounts to avoid compromising them in the event of a successful SIM swap.
Contents
What Is a SIM Card?
A SIM (Subscriber Identity Module) card is a removable component of most cell phones. It is inserted by your cell phone carrier (for example, Verizon or AT&T) and links the phone to a customer and associated phone number. The card itself can be removed and inserted into another phone, or the data (phone number etc.) from the SIM card on one phone can be transferred to another SIM card.
What Is a SIM Swap Attack?
A SIM swap attack happens when a bad actor has your SIM card information transferred from your phone onto theirs. Although this can happen if they have stolen your phone and removed the SIM card, more often this is done remotely.
In order to effectuate a remote SIM swap, the bad actor will either call up your phone carrier or go to a physical location of your phone carrier and pose as you. They may have obtained personal information about you from another hack or they may have an insider at the company who they can call and ask to transfer the data. Each phone carrier has different guidelines on what is required to transfer a SIM to a new phone. Once the attacker has convinced your carrier’s customer support representative to transfer your SIM card, they gain control over your phone number and will receive any calls or text messages made to that number. They will also have access to all applications downloaded on the phone, including social media and financial applications.
What Does This Have to Do with Crypto?
With our reliance on cell phones, getting SIM swapped would be a major inconvenience. However, if you have accounts that use two-factor authentication (2FA), you may also be at financial risk.
If a bad actor has obtained the username and password to your cryptocurrency account(s), they may not be able to log in if you have additional security, such as a 2FA, which sends you a text message code, email code, or phone call to authenticate a login attempt. If a hacker takes over your phone, they can change your email password and prevent you from receiving 2FA alerts. They can then request your 2FA codes be sent to their phone, which is now receiving text messages and calls to your number, and access your accounts. Before you are able to do anything about it, they can transfer your funds to their account (and then possibly onto other accounts using techniques such as coin mixing). Bad actors can also add additional devices to your 2FA, meaning your cryptocurrency account may still be vulnerable even after your phone has been recovered.
What Can I Do to Get My Funds Back?
Unfortunately, once your funds are removed from your account and are mixed into global accounts, there is little you can do.
If you own cryptocurrency, and especially if it is known to the public that you own cryptocurrency, see our guide on password and 2FA security to protect yourself from SIM swap attacks.
Cryptopedia does not guarantee the reliability of the Site content and shall not be held liable for any errors, omissions, or inaccuracies. The opinions and views expressed in any Cryptopedia article are solely those of the author(s) and do not reflect the opinions of Gemini or its management. The information provided on the Site is for informational purposes only, and it does not constitute an endorsement of any of the products and services discussed or investment, financial, or trading advice. A qualified professional should be consulted prior to making financial decisions. Please visit our Cryptopedia Site Policy to learn more.
Is this article helpful?