The hacker personally said: "It is your business to go bankrupt!"

“It’s your own fault to squander your family!”

– a hacker

Cryptographic currency is difficult to track, and in most cases, cryptocurrency is also unregulated, based on a decentralized blockchain network. This means that once the cryptocurrency is stolen, it is basically impossible to get it back. So… The cryptocurrency has become a very popular target for hackers.

Recently, a hacker named Daniel revealed in an interview that he used "SIM swap scam" to bypass the dual authentication and steal a total of $500,000 in cryptocurrency.

The fraud process is simple and requires only 3 steps:

  • First, the hacker called the telecommunications company and cried that his own (actually yours) SIM card was lost;
  • Then they ask to redirect your phone number to their mobile number;
  • Finally, by intercepting the two-factor authentication text or stealing the password stored in the email account.

This way, they can easily log in to your cryptocurrency account and steal all your encrypted assets.

Just a group of bad luck

Tens of millions of dollars of cryptocurrencies are stolen each year through SIM card exchange fraud.

Although there are more or less protocols in the telecommunications company to prevent this from happening, Daniel said that as a hacker, they can easily bypass these protocols.

" There are always ways for them to believe in you . For example, you call to pretend to work at Tele2 (a Swedish telecom company) and then ask them to forward a number for you. You don't need to make a lot of calls before you learn to "disguise". Go to practice deliberately."

Once the number is redirected, the hacker can also use the "forgot password" option in Gmail or Outlook. You can also get a verification code by calling your phone by voice.

Daniel also revealed that many people like to keep a copy of their key (such as a private key) in their email account. Once a hacker hacks into your account, you can control your encrypted wallet and steal all your cryptocurrencies. .

When Daniel committed a crime, he even found the password of the digital currency exchange, which made it easy for him to enter the exchange and transfer his encrypted assets as "unlucky" to his wallet.

It’s your own fault to go bankrupt

Daniel defends his bad deeds by constantly accusing the victims of not using better security measures.

"Well, you don't feel anything. You will never see that person, and everything is anonymous, so you won't feel guilty."

Stealing cryptocurrencies by hijacking mobile phone numbers has become an increasingly serious and dangerous phenomenon. As part of the legal action, three mobile phone operators were also accused of accepting bribes.

$7.5 million, 10 years in jail

Last week, the California High Court ordered the 21-year-old fraudster Nicholas Truglia to pay Terpin $75.8 million in damages and punitive damages.

Earlier this month, nine people from Michigan were accused of plotting to steal a digital currency worth about $2.4 million by hijacking a SIM card. The hacker gangs are spread across the United States and Ireland and call themselves "The Community."

Earlier this year, a 20-year-old Californian man named Joel Oritz became the first person to be jailed for hijacking a SIM card. He admits stealing more than $5 million in assets from victims by stealing sensitive data from 40 user SIM cards.

Last year, American entrepreneur and cryptocurrency investor Michael Terpin filed a lawsuit against AT&T (the largest fixed-line telephone service provider in the US and the largest mobile phone service provider), demanding compensation of $200 million because AT&T was negligent due to work. The hacker was allowed to steal his account, thus losing $23.8 million in cryptocurrency.

In his complaint letter, there is a saying: "What AT&T did was like a hotel giving a thief a room key and a room safe key, letting the thief steal the jewelry in the safe. Ignorance."

Combat SIM card crime

Robert Ross is another victim of the Truglia incident, who lost $1 million in the scam. In January of this year, he collaborated with several other victims to create a website called "Stop SIM crime" to raise awareness of such dangers.

"This is a cyber crisis that is going crazy and spreading," Ross said. "I also believe that there are certain operators' credits."

Fortunately, SIM card exchange fraud is relatively easy to guard against. Mainly from the following 2 points to prevent:

  • Instead of using a mobile phone number for two-factor authentication, use Google or Authy instead;
  • Store your cryptocurrency outside the exchange using a hardware wallet such as Ledger or Trezor;

Of course, you can also insure your digital currency.

The cryptocurrency industry still lacks security

According to a recent report from The Block website, more than $ 1.35 billion in cryptocurrencies were stolen from the exchange. Despite this, the cryptocurrency industry with a market capitalization of $229 billion is still seriously lacking in insurance business.

Last November, a report from Coindesk showed that the total amount of insurance for crypto exchanges and custodians was only about $ 6 billion .

If you compare this figure to the multi-billion dollar daily trading volume of major exchanges (such as the currency security, its 24-hour trading volume can be as high as 1.6 billion US dollars), this figure is simply a slap in the face.

But fortunately some people are already trying hard.

For example, a company is offering up to $50 million in insurance for customers who use its cryptocurrency wallet. The goal is to provide property protection for users who use their wallets when external security breaches or malicious attacks occur.

Of course, the insurance business of cryptocurrency is charged, and there are some packaged packages. Users need to choose a package according to their individual needs and pay a certain fee.

If the digital currency in the user's wallet is stolen, the insurance company will compensate accordingly. However, users are not compensated under any circumstances.

For example, for companies that are too loose in their risk control mechanisms, they need to consider whether they are compensated at the price. The security of users is more dependent on themselves.

"I am not particularly active. I only attacked about 20 people and got $500,000, but they don't know who I am (laughs) ."

Author | George

Produced | Blockchain Base Camp (blockchain_camp)