{"id":12673,"date":"2023-07-17T07:14:45","date_gmt":"2023-07-17T07:14:45","guid":{"rendered":"https:\/\/cryptoheretostay.com\/?p=12673"},"modified":"2023-07-17T07:14:46","modified_gmt":"2023-07-17T07:14:46","slug":"how-easy-is-a-sim-swap-hack-and-how-does-one-guard-against-it","status":"publish","type":"post","link":"https:\/\/cryptoheretostay.com\/?p=12673","title":{"rendered":"How easy is a SIM swap hack and how does one guard against it?"},"content":{"rendered":"<p>Despite the rise of cybersecurity infrastructure, online identity still faces many risks, including the hacking of one\u2019s phone number.<\/p>\n<p>In early July, LayerZero CEO Bryan Pellegrino became one of the latest victims of a SIM swap attack, which allowed hackers to briefly take over his Twitter.<\/p>\n<p lang=\"en\" dir=\"ltr\">And&#8230; we&#8217;re back in. This was basically my life for the past 24 hours. 
Luckily we saw hack immediately and the battle began pic.twitter.com\/pjrkMfQ2vT<\/p>\n<p>\u2014 Bryan Pellegrino (@PrimordialAA) July 5, 2023<\/p>\n<p>\u201cMy guess is that somebody grabbed my badge out of the trash and somehow was able to trick a rep into using it as a form of ID for the SIM swap while I was leaving Collision,\u201d Pellegrino wrote soon after getting his Twitter account back.<\/p>\n<p>\u201cIt was \u2018Bryan Pellegrino \u2014 speaker\u2019 just your normal paper conference badge,\u201d Pellegrino told Cointelegraph.<\/p>\n<p>Pellegrino\u2019s mishap may lead users to assume that performing a SIM swap hack is as easy as grabbing someone\u2019s badge. Cointelegraph reached out to some cryptocurrency security firms to find out whether that\u2019s the case.<\/p>\n<h2>What is a SIM swap hack? How big is it?<\/h2>\n<p>A SIM swap hack is a form of identity theft where attackers take over a victim\u2019s phone number, allowing them to gain access to bank accounts, credit cards or crypto accounts.<\/p>\n<p>In 2021, the Federal Bureau of Investigation received more than 1,600 SIM swapping complaints involving losses of more than $68 million. This represented a 400% increase in the number of complaints received in the three prior years, indicating that SIM swapping is \u201cdefinitely on the rise,\u201d CertiK\u2019s director of security operations Hugh Brooks told Cointelegraph.<\/p>\n<p>\u201cIf there is no move away from SMS-based 2FA and telecommunications providers do not lift their security standards, we are likely to see attacks continue to grow,\u201d Brooks stated.<\/p>\n<p>According to SlowMist chief information security officer (CISO) 23pds, SIM swapping is currently not too widespread, but it has significant potential to rise further in the near future. 
He stated:<\/p>\n<p>\u201cAs the popularity of Web3 grows and attracts more people into the industry, the likelihood of SIM swapping attacks also increases due to its relatively lower technical requirements.\u201d<\/p>\n<p>23pds mentioned a few cases involving SIM swap hacks in crypto over the past few years. In October 2021, Coinbase officially disclosed that hackers stole crypto from at least 6,000 customers due to a 2FA breach. Previously, British hacker Joseph O\u2019Connor was indicted in 2019 for stealing roughly $800,000 in crypto via multiple SIM swap hacks.<\/p>\n<h2>How hard is it to perform a SIM swap hack?<\/h2>\n<p>According to CertiK\u2019s exec, SIM swap hacking can often be done with information that is publicly available or can be obtained through social engineering.<\/p>\n<p>\u201cOverall, SIM swapping might be seen as a lower barrier to entry for attackers when compared to the more technically demanding attacks like smart contract exploits or exchange hacks,\u201d Brooks said.<\/p>\n<p>SlowMist\u2019s 23pds agreed that SIM swapping doesn\u2019t require high-level technical skills. He also noted that such SIM swaps are \u201cprevalent even in the Web2 world,\u201d so it&#8217;s \u201cnot surprising\u201d to see it emerge in the Web3 environment as well.<\/p>\n<p>\u201cIt is often easier to execute, with social engineering being used to deceive relevant operators or customer service personnel,\u201d 23pds said.<\/p>\n<h2>How to prevent SIM swapping hacks?<\/h2>\n<p>As SIM swap attacks are often seen as undemanding in terms of hackers\u2019 technical skills, users must exercise due diligence over their identity security to prevent such hacks.<\/p>\n<p>The core protection against a SIM swap hack is to restrict the use of SIM card-based methods for 2FA verification. 
Instead of relying on methods like SMS, one should use apps like Google Authenticator or Authy, Hacken\u2019s Budorin noted.<\/p>\n<p>SlowMist CISO 23pds also mentioned further strategies such as multi-factor authentication and enhanced account verification, such as additional passwords. He also strongly recommended that users set strong PINs or passwords for SIM cards or mobile phone accounts.<\/p>\n<p>Another measure to avoid SIM swapping is to properly protect personal data like name, address, phone number and date of birth. The SlowMist CISO also recommended scrutinizing online accounts for any anomalous activity.<\/p>\n<p>Platforms should also be responsible for promoting safe 2FA practices, CertiK\u2019s Brooks stressed. For example, firms can require additional verification before allowing changes to account information and educate users about the risks of SIM swapping.<\/p>\n<p><em>Additional reporting by Cointelegraph editor Felix Ng.<\/em><\/p>\n<p><a 
href=\"https:\/\/cointelegraph.com\/news\/crypto-sim-swap-how-easy-is-sim-swap-crypto-hack\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Despite the rise of cybersecurity infrastructure, the online identity still faces many risks, including those related to the hacks of one\u2019s phone numbers. In early July, LayerZero CEO Bryan Pellegrino became one of the latest victims of a SIM swap attack, which allowed hackers to briefly take over his Twitter. And&#8230; we&#8217;re back in. This [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":12674,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_wp_rev_ctl_limit":""},"categories":[2],"tags":[],"class_list":["post-12673","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bitcoin-news"],"_links":{"self":[{"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/posts\/12673","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=12673"}],"version-history":[{"count":1,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/posts\/12673\/revisions"}],"predecessor-version":[{"id":12675,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/posts\/12673\/revisions\/12675"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/media\/12674"}],"wp:attachment":[{"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=12673"}],"
wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=12673"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=12673"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}