sparkystacey (OP)
Jr. Member
 Offline
Activity: 58
Merit: 4
|
 |
July 25, 2019, 05:51:33 PM |
|
One month ago, I was part of a coordinated attack on blockchain executives. (I am one of the co-founders of https://provide.services). It was shockingly easy for them to take over my accounts, despite being security conscious. They attacked dozens of others around the same time across T-Mobile, AT&T and likely others. I hope this story and the lessons learned helps you protect your crypto! https://hackernoon.com/my-sim-swap-attack-how-i-almost-lost-dollar71k-and-how-to-prevent-it-tj39q3aju |
Provide Technologies: Pioneering the decentralized platform as a service (dPaaS)—the blockchain acceleration platform. Https://provide.services
|
|
|
|
|
|
|
|
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
|
|
|
pixie85
|
 |
July 25, 2019, 06:35:26 PM |
|
Essentially for those who won't click and read, don't allow your passwords and 2fa to be tied to a phonenumber. Your cell provider who employees unknowing teenagers will easily bend rules and print Sims with phone numbers without proof of ownership.
It's much more important to keep your phone safe. Holding money and passwords on the phone makes it as valuable as your wallet. Would you leave your wallet at a store for people to open and play around with? I'm more interested in screening of employees at that store. It's time for them to start keeping cards locked in a cabinet with only 1 person holding the key. |
|
|
|
|
LFC_Bitcoin
Legendary
Offline
Activity: 3528
Merit: 9559
#1 VIP Crypto Casino
|
|
July 25, 2019, 06:50:55 PM |
|
Essentially for those who won't click and read, don't allow your passwords and 2fa to be tied to a phonenumber. Your cell provider who employees unknowing teenagers will easily bend rules and print Sims with phone numbers without proof of ownership.
This is bad news to be honest, I suggest if anybody uses online wallets etc to never text anybody about their involvement in bitcoin. There’s so many tech gifted people around willing to misuse their ‘talents’. You never know who is following your footsteps via text or call. Basically the one & only rule has always been do not leave large amounts of bitcoin on online wallet providers where your phone number is linked. In fact don’t leave any significant amount online full stop. |
|
|
|
Moshaid
Copper Member
Jr. Member
Offline
Activity: 546
Merit: 1
|
|
July 25, 2019, 07:15:21 PM |
|
This is so sad to hear, I believe this will be an eye opener for everyone seeing this news. Have learnt one or two from this and I do hope I don't fall victim of such. 100% protection of assets and wallet is not guaranteed anywhere but hopefully our funds are in safu regardless of where it is. Haha
|
|
|
|
stompix
Legendary
Offline
Activity: 2884
Merit: 6321
Blackjack.fun
|
|
July 25, 2019, 07:24:37 PM |
|
You lost me at: Even though I had my SIM replaced in 45 minutes, that provided ample time to do damage. Since I have an iPhone XR, they used Face ID to access my accounts. Face ID works on the phone level, so they added their face to result in a positive pass of Face ID, and that unlocked my account names from my iCloud. Easy peasy. Keys to the kingdom.
Exactly, face id works at a phone level, so the "hackers" getting ahold of your number means nothing. You can't add a face ID to your account when an existent one is still active, you must remove the previous and it will work only with your face. So unless the sim hijacker got also an iPhone and stick it to your face or he knew your security passcode (which is stored at phone level) he couldn't have gained access to it. Also, No really the best way to advertise your business...just saying! |
.
.BLACKJACK ♠ FUN. | | | ███▄██████
██████████████▀
████████████
█████████████████
████████████████▄▄
░█████████████▀░▀▀
██████████████████
░██████████████
█████████████████▄
░██████████████▀
████████████
███████████████░██
██████████ | | CRYPTO CASINO &
SPORTS BETTING | | │ | | │ | ▄▄███████▄▄
▄███████████████▄
███████████████████
█████████████████████
███████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████████████
█████████████████████
███████████████████
▀███████████████▀
███████████████████ | | .
|
|
|
|
Artemis3
Legendary
Offline
Activity: 2030
Merit: 1563
CLEAN non GPL infringing code made in Rust lang
|
|
July 25, 2019, 07:27:07 PM |
|
You should only keep spare change in a phone wallet anyway, never important amounts. Phones are vulnerable in a multitude of ways beyond this particular attack, they are almost as bad as a pc running windows.
Perhaps a hardware wallet would be wiser for less modest amounts, but for truly large amounts a cold wallet (seed words written with your own hand in a piece of paper) is a must, with the proper protocol (offline computer live linux wallet creation, etc).
|
█████████████████████████
██████████████████████████
██████████████████████████
███████████████████████████ | BRAIINS OS+| | AUTOTUNING
MINING FIRMWARE| | Increase hashrate on your Bitcoin ASICs,
improve efficiency as much as 25%, and
get 0% pool fees on Braiins Pool | |
|
|
|
sparkystacey (OP)
Jr. Member
Offline
Activity: 58
Merit: 4
|
No really the best way to advertise your business...just saying!
This was a coordinated attack on blockchain leaders. I am also a strong proponent of the agile methodology who strives to be "less wrong" versus "right" (read: close-minded), and believe that failure is something to be socialized and a learning experience for as many as possible. The real question is what you do from failure? I'm starting here hoping that others learn and are better protected, but also am using my position to work on better tech to solve this. That's the long tail though. This is the start. If leaders don't use their position to help others, are they really a leader? |
Provide Technologies: Pioneering the decentralized platform as a service (dPaaS)—the blockchain acceleration platform. Https://provide.services
|
|
|
hugeblack
Legendary
Offline
Activity: 2506
Merit: 3650
Buy/Sell crypto at BestChange
|
|
July 28, 2019, 07:25:40 AM |
|
Essentially for those who won't click and read, don't allow your passwords and 2fa to be tied to a phone number. Your cell provider who employees unknowing teenagers will easily bend rules and print Sims with phone numbers without proof of ownership.
Sorry for your loss. It is not limited to your service provider but using the phone to verify your accounts weakens the protection of it rather than enhancing it. There are many reports about SIM Swapping and other ways that hackers can use to access your text messages and then access your account directly. hope that the user will publish a summary of this story, as randomly clicking on URLs is also a technical threat. |
|
|
|
|
Ucy
|
|
July 28, 2019, 10:00:19 PM |
|
Essentially for those who won't click and read, don't allow your passwords and 2fa to be tied to a phonenumber. Your cell provider who employees unknowing teenagers will easily bend rules and print Sims with phone numbers without proof of ownership.
Is it that easy to print SIM thesedays? Don't the network companies ask for stuff like biometric ID? It is either they are Bribed to clone the SIMs or some very influential people are doing the cloning. Good advice though on not allowing ones passwords and 2fa to be tied to a phone number. |
|
|
|
|
abeecrypto
Copper Member
Member
Offline
Activity: 242
Merit: 18
Proof-of-Stake Blockchain Network
|
|
July 29, 2019, 08:24:27 AM |
|
This is scary, but informative. Attacks coming in different form. The network providers will have to do better in securing their users against sim swapping and other related attacks. Users should also try to secure themselves against the attacks. users are the greatest weakness to all attacks.
Banks, exchanges, phone companies will have to work together to prevent all this kind of attacks. Because, more attacks will keep coming, especially as the blockchain horizon widens.
|
|
|
|
|
|
meanwords
|
|
July 29, 2019, 08:50:38 AM |
|
If I remember correctly, this also happened to a Youtuber too, I think it's h3h3. A person is able to change his number which holds his youtube account. It's scary how easily numbers could be change without the owners knowning. I mean, how low is there security for them to just sim swap without any proof of ownership? that is just absurd.
|
|
|
|
|
Lucius
Legendary
Offline
Activity: 3234
Merit: 5676
Blackjack.fun🎲
|
|
July 29, 2019, 09:03:00 AM |
|
I recently need to change my SIM because my new phone is not support old SIM type. I go to store of my mobile provider with ID and old SIM, and all they ask from me is my mobile number. I get new (cloned) SIM in less then 2 minutes, and I must admit that I was shocked in the manner in which this procedure is conducted. I am not talking here about some less known mobile provider, but big EU company who should protect their users much better then just giving replacement SIM cards to anyone who ask that.
Because of this experience I would never use my mobile phone number as extra protection in any service, especially not those associated with cryptocurrency.
|
.
.BLACKJACK ♠ FUN. | | | ███▄██████
██████████████▀
████████████
█████████████████
████████████████▄▄
░█████████████▀░▀▀
██████████████████
░██████████████
█████████████████▄
░██████████████▀
████████████
███████████████░██
██████████ | | CRYPTO CASINO &
SPORTS BETTING | | │ | | │ | ▄▄███████▄▄
▄███████████████▄
███████████████████
█████████████████████
███████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████████████
█████████████████████
███████████████████
▀███████████████▀
███████████████████ | | .
|
|
|
|
Micerker
Full Member
Offline
Activity: 593
Merit: 100
BBOD The Best Derivatives Exchange
|
|
July 29, 2019, 09:15:02 AM |
|
This is one of the most common attacks in many years, and there is no correct way to stop it. Professional hackers can break all security. They always have new attacks to remove all layers of security to hijack the accounts of the users they want. The best way to ensure the security of your account, turn on all the security layers provided by the system. |
|
|
|
YuginKadoya
Legendary
Offline
Activity: 3038
Merit: 1169
|
|
July 29, 2019, 10:29:53 AM |
|
There are a lot of holes in the system that hackers might see especially with an undeniably weak wallet that let you store your Bitcoin and other cryptocurrencies that will be a big problem if the wallet is an online site, Hackers can sure attack anything that is connected with the worldwide web, there is no perfect online service and we should always treat them that way, And always use the site with caution because you will never when they will attack, It is better to be prepared and ready, And if it happens to you, It should become a lesson you will never forget.
|
|
|
|
|
gentlemand
Legendary
Offline
Activity: 2590
Merit: 3013
Welt Am Draht
|
|
July 29, 2019, 11:11:01 AM |
|
If you use sim-based 2FA your entire financial future may hinge on how engaged some bored call centre worker on 10 bucks an hour is feeling that afternoon. That's not reassuring.
What's bizarre is how many companies don't offer alternatives when they should know the risks perfectly well. In the UK quite a few banks are now moving to making all internet banking and online shopping transactions require SMS only confirmation. There are probably hundreds of thousands of people who have no signal at home and they're not being offered landline or email as an alternative.
I quite often never get a text message arriving, or if it does it's several minutes after the window has expired. It's seriously clunky and needs to be given the boot.
|
|
|
|
|
|
