Cyber Threats, Prevent Hacks

Attackers Deploy SIM Hijacking to Breach Cryptocurrency Accounts

SIM hijacking is not a new technique in a cybercriminal’s toolbox. In fact, BlackCloak wrote about the topic only a few years ago. Since we last talked about SIM hijacking, however, the number of reported instances of the cybercrime has noticeably risen.

In early February, the FBI issued a warning about the increased number of SIM hijacking attacks. The alert noted that such attacks are increasingly being used to steal money from victims’ digital wallets and virtual currency accounts. 

To put the rise of SIM hijacking into perspective, the FBI’s Internet Crime Complaint Center (IC3) received just 320 SIM hijacking complaints from Jan. 2018 to Dec. 2020, with financial losses totaling around $12 million. In 2021 alone, the IC3 received 1,611 SIM hijacking complaints, accounting for more than $68 million in financial losses.

What is SIM hijacking?

SIM hijacking occurs when cybercriminals take control of the SIM card controlling a victim’s phone number. Cybercriminals have two primary methods to perform such an attack. First, they can social engineer a mobile provider support representative and request the targeted phone number be transferred to a SIM card under their control. 

Another common attack method is to hack into a victim’s mobile carrier account and do a phone number “port.” This moves the phone number from the victim’s account to the attacker’s mobile account of their choosing.  

Once the victim’s mobile phone number is in an adversary’s possession, cybercriminals can route calls and text messages to devices that they control. This can give them access to email accounts, bank accounts, and cryptocurrency accounts, which can then be compromised to reset passwords and reroute two-factor authentication codes.

Hackers can access cryptocurrency accounts quickly

Let’s say a cybercriminal has successfully hijacked your SIM card and gained complete control over your phone number. Next, they would need to compromise the email that your crypto account is tied to. This is low hanging fruit for most cybercriminals. Email credentials are frequently publicly available, can be obtained via a data breach, or captured in a phishing scheme. 

Even as more and more people are at heightened alert for malicious emails, over 90% of all cyber attacks begin with email phishing. Compromising crypto wallets is no different. Hackers need to commandeer your account credentials to reset the password to your cryptocurrency accounts.

For skilled hackers, the entire process can be completed in a matter of minutes, and digital currency can begin to flow into their own wallets. 

Why hackers target cryptocurrencies

Cryptocurrency is decentralized, meaning no one entity has authority over the currency. This can be beneficial when anonymity is warranted, but it is problematic when online fraud and theft comes into play.

When cryptocurrency is stolen, victims have almost no recourse to get their money back. Since there is no centralized authority in charge of cryptocurrencies, victims have, up to this point, been left on their own to try and recover their stolen money. 

And the numbers bear it out. All of these factors have resulted in a sharp increase in cryptocurrency theft. A report from Chainalysis found cybercriminals stole $3.2 billion in cryptocurrencies last year, a five-fold increase from 2020.

But there may be help on the horizon. The FBI is launching a “virtual asset exploitation” unit to combat crypto-related crimes, and the agency has been able to successfully recover cryptocurrencies paid out in ransomware attacks. While it may take some time, it looks like there is legitimate progress in handling stolen cryptocurrencies.

What you can reduce your risk of SIM hijacking

The FBI recommends individuals avoid posting about their financial assets online and to never provide mobile number account information over the phone to anyone asking for a password or PIN. 

In addition to the FBI’s advice, BlackCloak recommends users avoid linking any crypto accounts to their personal phone numbers. If you have already done so, remove your phone number as soon as possible.

To limit your risk of falling victim to a SIM hijacking attack, it’s a good idea to start with protecting your mobile provider account. Make sure the password you are using for the account is long and complex, meaning it should include capital letters, numbers and symbols and does not contain any common phrases. Do not reuse any passwords you have in place for other services. It is also a good idea to set up a PIN for your mobile provider account and to use an authenticator app, and not your phone number or email, for two-factor authentication.

You can also take steps to protect yourself in the event your phone is stolen. BlackCloak also advises our clients to use a SIM PIN, a four-digit code that helps prevent an unauthorized person from accessing your SIM card. When a SIM PIN is activated, a prompt will appear for the code whenever a device is restarted, or a SIM card with a PIN attached is inserted, for the first time. 

For example, if a cybercriminal were to take the SIM card out of a victim’s device and place it into one they controlled, the SIM PIN would block them from accessing it. SIM PINs are an effective way to prevent unauthorized users from compromising your digital currency accounts and would also stop them from accessing any other sensitive information.

Should you find yourself as a potential victim of SIM hijacking, the FBI recommends contacting your mobile carrier immediately, as well as your financial institution to place an alert on your accounts. 

Be sure to also learn about the additional ways you can protect your phone number from theft, as it will likely always be a data point cybercriminals will have in their sights.