Bitcoin Forum

For the last few days, I have been getting this error message that FTX SMS services are down and therefore I am getting my 2fa code on my email.
I am writing here to know if this is only in my region or if people from different countries are facing this issue.
Also, if this is a known issue, is any timeline shared by FTX as to when it will be resolved?


https://i.imgur.com/lVahTym.png

It is terrible when you choose SMS as a method for your Two-Factor Authentication.

Sim swap attack is one of risk with SMS.
Unstable or disable of SMS receiving from foreigner senders can be a serious issue and you don't know when it will happen and how long will you have to wait until it is fixed.

If you activate 2FA, you must avoid SMS and email code. Use authenticator application and install it on a device that is not install an exchange application and have your email log in.

[Beware] Simport attack (https://bitcointalk.org/index.php?topic=5146701.0)

I'm using FTX exchange I don't experience this issue I tried to request an SMS 2FA code and I receive the code instantly without any email saying that SMS 2fa is down. The issue might be in your sim provider try other sims it might work or FTX 2fa SMS is currently not available in your country.

Why not switch to the 2fa app instead because this SMS issue is known problematic compared to using the 2fa app? Just make sure to backup the secret key.

It's region based. Keep in mind many (most? all?) service do not do SMS in house. They are contracting a 3rd party service to do it for them.
If you are sending SMS all over the world it can get very expensive very quickly. So these 3rd party services have SMS gateways all over so it's more likely to be a lack text for them.
The good side is that it saves these services money. The bad....you have no idea who is seeing / getting access to the codes.
In a bubble it does not matter. In the real world if I have access I now know phone number 123456789 is getting texts from BTC exchnages.
Hmmm I wonder if any of the data leaks have that number and a username / password.

Or as others will keep telling you SMS is not secure, and as you are seeing. Not reliable.

-Dave

This is why I find sms 2fa inconvenient as well, you have to constantly rely on these service providers... there is no need for such thing in TOTP so aside from better security, it will also save you from hiccups like this.


Try to check if your country is undergoing delays/maintenance in twilio, see: https://status.twilio.com/
According from this tweet (https://twitter.com/SBF_FTX/status/1473649062457053189), they are using them for their SMS 2FA.

You should NEVER use phone SMS as your 2fa because it can be hacked with hijacked phone numbers.
I am sure FTX exchange has normal 2fa codes for login and that can work with Aegis, AndOTP or some similar open source apps for your phone.
This way you are not connected with your SMS provider, and you can even use some applications for desktop computers as a backup option.
I would suggest changing this asap in your account, or contact support to help you with this.

Second mistake, pointed out by others here:  Using SMS for 2FA.

First mistake:  Using FTX. ::)

I will check how a sim swap works. Thanks for sharing the details and links. However, I hope that for a sim swap to happen, the hacker must be living in the same country as mine. I don't think anyone is capable of doing that here  ;)



My primary exchange is binance for doing trading and other exchange which I use after binance is FTX.
As far as i know FTX is one the most secure and good exchange. Any reason why you call this a  "First Mistake"  ???

I don’t use KYC exchanges, so my objection to FTX is mainly that they are effectually anti-Bitcoin.  Its founder wants to shove the POS scam down all our throats.

Mine is not a typical “Bitcoin maxi” position.  I used to respect Sam Bankman-Fried.  I disagreed with him about many issues, but I tend to respect highly intelligent people.  Moreover, I actually appreciated his promotion of defi—that will shock some of my friends; yes, really:  More permissionless!  No KYC!  More DEXes!  As a C coder who hates EthVM, I’ve had some fun writing on-chain programs on Solana, the SBF/FTX favoured chain.  Overall, I regarded SBF as a formidable financial shark who just might do something for the greater good—maybe.

Then, I saw this:

https://archive.ph/RN7Jo (https://archive.ph/RN7Jo) (Archival link to avoid paywall for https:// www. ft. com /content/02cad9b8-e2eb-43d4-8c18-2e9d34b443fe.)


(Why is it that they are all suddenly pushing in the same direction (https://dailyhodl.com/2022/04/29/solana-sol-founder-says-bitcoin-btc-will-witness-mass-exodus-of-users-unless-major-upgrade-is-approved/)?)

A few  years ago, I believed that POS was just a flawed consensus system that would obviously be favoured by whales.  But it is shaping up to be an attack on Bitcoin—an attack on Bitcoin’s freedom.  As I studied it and gained some experience with it, I also came better to understand how deep and deceptive the financial manipulation of POS really is.  It is intrinsically corrupt.  POS is plutocracy, a sham of fake-decentralization that centralizes everything under the control of the whales.

All in all, although I will not categorically condemn all POS projects in absolute terms, anyone who tries to push POS into Bitcoin is attacking Bitcoin:  I will respond accordingly.

SBF is also bringing to cryptocurrency bailouts and moral hazard, (https://cointelegraph.com/news/sec-s-hester-peirce-opposes-crypto-bailouts-sbf-didn-t-get-the-memo) a concept implicitly deprecated by the message in Bitcoin’s genesis block.  Well, I guess that getting rekt in liquidation is only for the little people:  Corrupt whales who undermined the BTC market with giant scams get bailed out, so that they can do it again.

If FTX is so incompetent with security that they offer SMS 2FA and then screw it up, maybe that’s an additional reason to avoid them.

On what basis do you draw a conclusion that FTX is one of the "most secure" exchanges?
I would like to be enlightened. Maybe I could get convinced to keep all my Bitcoin stash in there.

I just told that I felt FTX is a good exchange for trading. I never got any issue trading there. This does not mean that you keep you all bitcoin and crypto holding on this exchange or on any exchange. If you are not doing trading, never store any funds in any exchange.

Exchanges are there so that we can keep the minimum trading amount there and keep the rest of our portfolio in a secure wallet. That's what I do as centralized exchanges can't be trusted no matter how trustworthy are they.

I was being sarcastic (https://bitcointalk.org/index.php?topic=5280524.msg55331149#msg55331149)  :D

But you said it's one of the most secure. No or yes? If so, then why is it not safe to keep all my bitcoin stash in there?

Well, it is not safe to leave your funds in any centralized exchange, not even FTX.  The reason I said most secure is that the probability of FTX exchange to scam exit is less as compared to other small exchanges. but still, no one knows the future. I hope this is clear now.  :)

But now if we want to trade, what are the options? The decentralized platforms do not offer many features possessed by the centralized platforms.

So the only option left is to take the risk, keep a certain portion of our money in the FTX exchange, trade with that money, keep moving the profits out of the exchange, and hope that the exchange does not scam exit until we have funds stored with them  ;)

Care to elaborate why do you think it won't happen in your country? some sort of rigorous process for sim porting? For one, there were already cases of telecom employees accepting blood money from scammers as a side job so even that wouldn't stop sim hijacking. Not to mention, you could always meet a sloppy employee.

In addition, there are services providing access to numbers from various countries (lookup: sms verification/sim rental services). I imagine scammers could use something 'similar' hence, it's not necessary for them to be in the same country as you.

It differs from country to country, in some countries there is no need for any documentation just providing any ID's photocopy is enough to get a new sim with an existing number and you know we don't even have to visit the telecom offices all we need is just pay in a random shop and get it done all these in less than 30 minutes but also there have been countries where getting the sim is highly difficult there are lot of process so it depends.

But anyway using SMS 2fa is not much secured way so better go for the authenticator apps like authy.

Yes, but scammers don't always have to obtain them legally. For instance, lookup news about illegal activation of sim cards where scammers use fake/stolen personal information.

The reason for me to say this is because there is not much awareness of this hacking technique or no one will care to hack a sim as they do not know the use case for this ?  (As crypto is not being known or used by many in our part of the world)

Also, do you mean to say that only the employee of the telecom can do this sim hijacking or anyone with the required expertise can perform this evil act?

I am quite surprised that there is such a rigid refusal to use SMS service for 2fa. judging by what others think, using SMS is already half the easy way to hack an account. although I always chose SMS over Authenticator, which is tied to my mobile device and is very susceptible to failure. I repaired one device three times, just to access certain applications. even when the repair didn't justify the value of the device


as far as I know, nothing spectacular is needed there. but such a thing requires access to your device and sim card.

It's one of the most common attacks so I find it hard to believe that there isn't much awareness about it but you probably know your place better than me.

This attack has existed even before the crypto boom and any accounts connected could be targeted e.g. bank, emails, social media, etc... SMS aren't really private so you have no idea if someone is making a profile out of you based on the OTPs you're receiving.


well, you need an inside access to do it hence employees are usually targeted for it.

Never heard of such sim Hijacking I think telecom can able to read your messages but only selected staff can able to do it I guess.

There is another risky one if you already brought your phone to any phone tech there is a way to make a clone copy of the phone number only if you have the sim physically by using a sim reader you can make a clone copy of that sim.
So it is very risky if you bring your phone to any repair shop and you forgot to remove the sim card or someone near you that knows how to clone your sim card. That's very risky both of you received the same messages.

SIM cloning, SIM swap scam, SIM hijacking, port-out scam, SIM splitting, Smishing... it's all the same thing (https://en.wikipedia.org/wiki/SIM_swap_scam), just different wording, and it can happen to anyone especially in places where telecom companies are not security conscious or if the SIM swapping personnel working for telecom companies decide to conspire with the scammers.

Ok I can now understand the risk involved in using SMS as a 2fa for trading platforms but do you think that authenticators like google authenticator can't be cloned if you send your phone to a repair shop etc ? Even if you give your phone in your friend's hand for 1 or 2 mins and he can easily export all your accounts using QR code. So how secure is the authenticator in this case  ???

Not if you have your authenticator apps encrypted with strong password. They can't clone anything if they can't log in into the app, but for the sim it's quite easy since most people don't even set a sim pin code.

Also, it's advised to have 2FA apps in a different device from your log in device.