Cosine: A Coinbase account was hit by a SIM card transfer attack, and the mobile phone number became the weak point

On the afternoon of May 27th, the founder of SlowMist Technology Co., Ltd. published a post about the recent SIM card transfer attack on a user of the digital currency trading platform. Someone's Coinbase account suffered a SIM Port Attack (SIM card transfer attack) a few days ago and lost more than 100,000 US dollars in digital currency, which is very painful. The attack process is roughly as follows: the attacker obtains the target user's private information through social engineering and other methods, tricks the operator into issuing a new SIM card, and then easily gains the target user's access on Coinbase through the same mobile phone number. Once the SIM has been transferred, it is very troublesome. Many of our online services rely on the mobile phone number for secondary verification or for direct authentication. This is a very centralized authentication method, and the mobile phone number becomes the weak point for attack. There have been many cases of this attack in China before, and the operators' risk control strategies keep getting stronger, but those strategies have always been bypassed. The method is mainly social engineering, although a combination with other methods is not excluded.