Towards the end of February 2020, a man known as Josh Jones, founder of Dream Host, lost $45 million worth of cryptocurrency in a single attack. His loss consisted of $30 million worth of Bitcoin Cash and $15 million worth of Bitcoin. As brutal and unbelievable as it may sound that a single person could lose so much in one night, these kinds of attacks are simple to carry out and has happened many times before. Given that SIM hacks are common yet dangerous, it is crucial for crypto holders like you to understand what it is and how to prevent it.
The SIM Hack Explained
As mentioned, the SIM Hack (AKA Sim Port Attack) is quite simple to carry out and, unlike other types of hacks, does not require technical and computer skills.
As the name suggests, the SIM Hack originates from the SIM card, more specifically, the phone number. Commonly, your phone number is used to sign up for many services that you use, including your email. Your email is also used to sign up for many other services. Therefore, to access all of your accounts, the hacker simply needs access to your phone number. The hacker can then request a password change on your accounts and receive the 2-FA code SMS from your phone number to reset all of your passwords.
So how do the hackers get their hands on your phone number? First of all, once you become a target, your identity, information, and online accounts are thoroughly researched. Once they are sure that they can pretend to be you, they contact your phone's service provider to request a SIM Porting Authorization. SIM porting allows your phone number to be ported to another device (the hacker's device).
(SIM Porting is common among service providers. People change phones and switch service providers all the time, so SIM Porting is a reasonable service to have.)
By successfully pretending to be you, the service provider will transfer access to your phone number to another phone owned by the hacker. All they had to do now is request password change on your email and other accounts to trigger the 2-FA.
The SIM hack is straightforward to do and can be done by anyone close to you. Crypto exchanges, online banking accounts, and more rely on the 2-FA system. Therefore, not only your crypto but your money and other private information online is at risk.
The diagram below explains in steps how a SIM Port Attack occurs:
The SIM Hack Can Be Prevented
Protect Your Crypto Using a Hardware Wallet / Cold Wallet
It is always the best choice to protect your cryptocurrency by storing them on a hardware wallet and not on exchanges. Hardware wallets protect you from almost all kinds of threats, SIM Hack included.
Store your cryptocurrency in a quality hardware wallet like the ELLIPAL Titan Cold Wallet. It stores your cryptocurrency entirely offline and never connects with your email or phone number. Even if you are targeted for a SIM hack, your coins are 100% safe.
Do Not Share Your Information Needlessly
Do not give away your personal information too easily. Spend more time to study the privacy policies and why your data is needed when you visit a website. Try to know which information is required for a SIM Port and don't give those away.
Most importantly, don't let people know how much Bitcoin or money you have. It is best not to be a target in the first place.
Use Something Stronger Than SMS 2-FA
There are services like Google Authenticator or Google Voice that are better than SMS 2-FA. You can also purchase yourself a password manager service.
Purchase an ELLIPAL Titan wallet to secure your cryptocurrency
Credits: Diagram is taken from Coinmonks
1. Ledger Nano X vs. ELLIPAL Titan
2. Hardware Wallets vs. Cold Storage Wallet