SIM hijacking has been an age-old technique used by hackers, and they are now targeting digital currencies as the security and traceability of crypto-exchanges keep failing.
South Korean exchange Coinrail recently faced a breach in June and investors lost about $37 million. Exchanges like Bithumb and Bancor have also fallen victim to hackers since then.
A study by CipherTrace shows that just the first 6 months of this year alone saw about $761 million stolen from exchanges.
However, in one of the first instances of SIM hijacking being used to steal cryptos, 20-year-old California student Joel Ortiz managed to make a theft of more than $5 million from around 40 investors.
Allegedly, Ortiz managed to hijack the phones of his victims from data gathered from social media. This way he was able to claim himself the owner of “lost” phones, and then answer the required security questions to obtain alternate SIM cards.
Using these new cards, Ortiz and his accomplices managed to reset the passwords of the victims, and gain sole access to their online crypto accounts, which were obviously emptied. One investor alone claims losses of over $1.5 million.
Ortiz got arrested back in July. There are now 13 counts of ID theft, 13 counts of hacking, and 2 counts of grand theft against him.
While this case may have been one of the first major ones to come to light, there might just many more such hackers according to authorities who have yet to be brought to court.
Investors have been advised to withhold their crypto holding info from social media, and to most definitely not post their mobile numbers online. Many believe that phone companies too are responsible for protecting their customers from such thefts.
CEO of crypto trading and analysis firm Svandis Hermann Finnbjörnsson says:
“Non-crypto services rely on cell phone authorisation as well, like traditional banks. Mix private information, like address and date of birth, with access to a cell phone number, and the average consumer could be stripped of everything.”