It shouldn’t come as a surprise that SIM hijackers who target cryptocurrencies are innovating. Usually, the most preferred targets are people with cryptocurrencies who have little to no technical knowledge. Recently however, SIM hijackers have definitely upped their games and the level of their targets.

Sean Coonce is the engineering manager at BitGo and he recently fell victim to SIM hijackers. In a brave move, Coonce publicly stated that he lost more than $100 000 from his Coinbase account. The entire process took less than 24 hours and there were no indications that the theft was ongoing.

Coonce is definitely knows his way around technology. He believes that the SIM hijackers managed to port his SIM card to a device under their control. The first sign was that he lost service on his smartphone. Soon afterwards, he attempted to sign into his Google account but the access was denied.

SIM Hijackers must work quickly

During this time, the attackers had already begun the password recovery process for his Coinbase account. Due to security procedures, the password reset link can only be sent after 24 have passed since the request was initiated. One flaw that the SIM hijackers knew how to exploit however, was that the email can basically be deleted. This eliminates any trail of the correspondence with Coinbase.

Coonce initially believed that the SIM card problems arose due to him dropping his smartphone. He acquired a new SIM card the next day and believed that the problem was solved. The same evening, his coverage disappeared again and he got a lot of messages telling him to log into his Google account.

He decided to leave the problem for the next day. Unfortunately, the password reset was complete and his Coinbase wallet was quickly drained. Cryptocurrencies were also purchased with Coonce’s funds and later moved to a non-Coinbase on-chain address.

SIM-swap incidents are occurring more than ever. Some SIM-swaps are an inside job, but usually they happen entirely on the outside.

A few weeks ago, prosecutors from US Attorney’s Office for the Eastern District of Michigan charged multiple people who were believed to be SIM hijackers. Apparently, their activities were more than fruitful since they managed to rack up more than $2.4 million. A few of them were working for a wireless carrier and were the above mentioned inside men.

Coonce remained extremely calm and collected and attributed the incident to his own lack of preparations. He stated:

“I fully understood the risk for my profile. I didn’t take online security seriously enough and was too lazy to secure my own assets.”

You can also check out:

 

Categories:

Scams

Share This