After a period of relative quiet during the first part of this year, “CryptoTwitter” started lighting up late last month with reports of a spate of SIM-swap hacks being waged against known American personages in the crypto investing world, ZDNet reports.
Sim Swapped. Phone number ported. Thanks @TMobile
That’s at least 15 of us in the crypto community in the last week.
— Andrew Kang (@Rewkang) June 1, 2019
Fuck I am getting sim swapped.
— 👹 Cassandra Shi (@cassshih) May 25, 2019
In a SIM-swap hack, attackers take control of a victim’s cell phone and use the phone’s two-factor authentication (2FA) application to access the owner’s personal accounts, including social media, cryptocurrency exchange and cryptocurrency wallet accounts.
Some of the CryptoTwitter personalities reported that they had successfully repelled attacks against their crypto accounts, but that their social media accounts had been taken over and that hackers were using them to solicit cryptocurrencies from their followers:
My phone was hacked.
Hacker logged into my @telegram account and messaged a bunch of folks asking for BTC.
PSA: If you got a message from me asking for BTC, that was not me.
— Preethi Kasireddy (@iam_preethi) May 25, 2019
Police officers working for the Santa Clara, California-based REACT (Regional Enforcement Allied Computer Team) task force were remarkably efficient in 2017 and 2018 at identifying, arresting and prosecuting more than a dozen prolific SIM-swap conspirators in the US and abroad who collectively stole millions from their victims.
Many of those culprits, including 21-year-old New Yorker Nicholas Truglia and 18-year-old Boston-area high school valedictorian Joel Ortiz, are now in custody, and Ortiz is serving a ten-year prison sentence.
In November of last year, REACT Task Force Detective Caleb Tuttle told Krebs on Security that most SIM-swap hacks appeared to be abetted by telecom employees:
“Most of these SIM swaps are being done over the phone, and the notes we’re seeing about the change in the [victim’s] account usually are left either by [a complicit] employee trying to cover their tracks, or because the employee who typed in that note actually believed what they were typing … (after being) tricked by a complicit co-worker at another store who falsely claimed that a customer there had already presented ID.”
CryptoTwitter personage Chris Robison tweeted about a recent series of SIM-swap attacks he experienced and also claimed the attacks featured evidence of collaboration with, and a cover-up by, a telecom insider:
I haven't gone public yet but I had three on me personally in the past week. Submitted an FBI report. All signs point to an inside job at the cell company. Phone records were wiped clean for an entire day and "recorded for quality and training purposes" settings were turned off.
— Chris Robison (@CBobRobison) May 25, 2019