Hacker can hacked your crypto wallet by getting help from Telecoms Operator

[The Cryptovator]

Just now read a story about how hackers can hacked your wallet even you used 2FA. Hackers can break google 2FA if there is question of million. But recently we can see a complain about mobile 2FA. Your mobile number can be hack  by hacker. I wast thought mobile number can be hacked. Please read full details below how they hacked.

Read full details on cointelegraph

I have collect small quote from cointelegraph ,

SIM swapping is a process of leading a telecoms provider like, say, T-Mobile transferring the target’s phone number to a SIM card held by the attacker. Once they receive the phone number, hackers can use it to reset the victims’ passwords and break into their accounts, including accounts on cryptocurrency exchanges.

Occasionally, that allows thieves to bypass even two-factor authentication, as Motherboard writes. According to their investigation, SIM swapping “is relatively easy to pull off and has become widespread,” adding that “cryptocurrency accounts are common targets.”

The tactics employed by criminals to perform such hacks may vary. Sometimes, they trick customer representatives into believing they are the targets and make them hand over their data. However, as per Motherboard, fraudsters often use the so-called “plugs”: telecom company insiders who get paid to do illegal swaps. An anonymous SIM hijacker told the publication

[1715025642]

1715025642

[mk4]

The hacker gaining access to the victim's mobile number technically isn't a "hack". It's more of a social engineering attack whereas the hacker convinces the customer service representative that he/she is the victim. And yea, that's one reason why you shouldn't use mobile numbers as a 2 factor authentication method, as obviously it's quite prone to social engineering attacks.

[bitmover]

It's only possible to do this if you are using some week 2fa service.

Google authenticatior is not hackable that way.

If you are using authy and you haven't check "allow new devices" you are fine.

Anyway that's a nice warning, and everyone who keeps high amounts on exchanges should be aware about that.

[gentlemand]

I truly don't understand why anyone uses phone-based 2FA anyway. At least half the time I never receive the bloody SMS. This is an extra reason to never touch it but I think America will be worse for this as I've never had a British phone company let me in when I couldn't come up with the details. In addition to a password they often ask for numbers from your bank account as well.

[jseverson]

Yeah, SMS authentication has been exposed as a weak form of 2FA for a while now. Besides the method you've said, they can also be intercepted a number of ways:

https://www.howtogeek.com/310418/why-you-shouldnt-use-sms-for-two-factor-authentication/

As the article noted, however, some form of protection is still protection. This telco phishing attack, for one, likely won't work if you don't overshare on social media and/or if you don't give your details away to shit ICOs, barring a data leak from a trusted service. That's just one of the many reasons you should try your best to protect your identity.

[TryNinja]

Yeah, SMS authentication has been exposed as a weak form of 2FA for a while now. Besides the method you've said, they can also be intercepted a number of ways:

Look at the article just published today: SIM Swapping: How Hackers Stole Millions Worth of Crypto Via Victims Cell Phone Provider

"Terpin claims that he lost $24 million worth of cryptocurrencies as a result of two hacks that occurred over the course of seven months."

I wouldn't even bother thinking about setting up an SMS 2FA if OTP 2FA was available.

[joniboini]

I truly don't understand why anyone uses phone-based 2FA anyway.

Probably because they feel it is safe enough. I have a hunch that most people think a password is strong enough to protect their assets. According to this[1], less than one-third of Americans are using 2FA while the rest didn't even know of it. Interestingly, only less than 10% Gmail account uses 2FA.

People love to learn the hard way.

[1] https://www.cnet.com/news/why-more-people-dont-use-simple-two-factor-authentication/

[www.crypago.com]

The hacker gaining access to the victim's mobile number technically isn't a "hack". It's more of a social engineering attack whereas the hacker convinces the customer service representative that he/she is the victim. And yea, that's one reason why you shouldn't use mobile numbers as a 2 factor authentication method, as obviously it's quite prone to social engineering attacks.

lot's of things that are unconventional are referred to as "hacks". It doesn't have to be specifically a computer hack. I think you're misunderstanding how they are doing it. They are taking over peoples entire goog accounts.

[madnessteat]

For big money people are ready for everything. Therefore, it is better to keep the funds not on the cryptocurrency exchange, but on the hardware wallet. For an interesting article, thank you. I didn't even think about it.

[sprite2516]

For cases like this it might be done by those who recognize the target (the closest person)

[mk4]

The hacker gaining access to the victim's mobile number technically isn't a "hack". It's more of a social engineering attack whereas the hacker convinces the customer service representative that he/she is the victim. And yea, that's one reason why you shouldn't use mobile numbers as a 2 factor authentication method, as obviously it's quite prone to social engineering attacks.

lot's of things that are unconventional are referred to as "hacks". It doesn't have to be specifically a computer hack. I think you're misunderstanding how they are doing it. They are taking over peoples entire goog accounts.

Yes, they can take control over people's Google accounts that's for sure, through the usage of using the mobile numbers they acquired, but I was referring to the actual method how they acquired the victim's mobile number; which is through a social engineering attack. But yea I guess you could also classify it as a psychological hack.