SIM SWAP ATTACK: THE OLD CRYPTO SCAM METHOD REAWAKENED

[asawale]

SIM swap attack is a process through which a 3rd party gets an authorized access to your phone number, giving them access to your calls and messages on the SIM card.
SIM swap attack is an old scam trick current reigning again as a means of stealing from cryptocurrency investors' or traders' exchange account of those using their phone number as the authenticator to sign into their accounts.
It is reported that over $13M worth of cryptocurrency assets have been stolen from about 50 people just in 2023.

The scammers swap or steal your phone number from you to gain access to your cryptocurrency account and steal your fund.

How to protect yourself from such an attack includes
1. Keeping your funds in an uncompromised personal, non-custodial or hard wallet.
2. Use an app based 2FA authenticator like Auth, google authenticator, aegis and so on
3. Enable a SIM card PIN protecting your SIM card from getting accessed without your consent.

Stay safe.

[jossiel]

It is not a new scam method in the community but it has been happening continuously and many still becomes a victim of it.

How to protect yourself from such an attack includes
1. Keeping your funds in an uncompromised personal, custodial or hard wallet.

Not custodial but non custodial wallets. Because if you say custodial, those are the wallets where you don't have any control. Just like the exchanges and any other wallets online where you are not given the private keys.

[Tytanowy Janusz]

Its not a new scam. Even Jack Dorsey (former twitter ceo) was scammed that way in 2019. According to wikipedia this scam method became popular in 2018 but starting from that date, the annual number of scams carried out in this way has been steadily increasing until now. So even though the scam is not new, it's still good that you inform about it.

[Apocollapse]

Hardware wallet is good as long as you choose the good one and open source, don't use ledger.

2. Use an app based 2FA authenticator like Auth, google authenticator, aegis and so on
3. Enable a SIM card PIN protecting your SIM card from getting accessed without your consent.

Don't use google authenticator, it's a bad 2FA because there's no privacy.

Enabling PIN protection will not gonna help, what you should do is never link phone number in order to access your wallet. This also applicable to email, you shouldn't use email in order to access your wallet.

[gurunanakji777]

We should always exercise extreme caution to avoid becoming victims of such situations. Personally, I use a hardware wallet to keep my assets secure, and I haven't encountered any problems in the last five years. It's important to enable 2FA/Google Authenticator on all our wallets and email accounts to safeguard ourselves against potential hackers.

[Bitstar_coin]

I think the best way to avoid this problem is for people to stop enabling SMS verification because without SMS verification your crypto activities will not be connected to your SIM card.
And again, the idea of reassigning some unused sim cards to new users is very risky, I think this is what most telecom providers should look into, before reassigning an old sim card to a new subscriber more investigation should be carried out about the previous user to avoid exposing sensitive info to the wrong person. 

[Huppercase]

SIM swap attack is a process through which a 3rd party gets an authorized access to your phone number, giving them access to your calls and messages on the SIM card.
SIM swap attack is an old scam trick current reigning again as a means of stealing from cryptocurrency investors' or traders' exchange account of those using their phone number as the authenticator to sign into their accounts.
It is reported that over $13M worth of cryptocurrency assets have been stolen from about 50 people just in 2023.

The scammers swap or steal your phone number from you to gain access to your cryptocurrency account and steal your fund.

How to protect yourself from such an attack includes
1. Keeping your funds in an uncompromised personal, non-custodial or hard wallet.
2. Use an app based 2FA authenticator like Auth, google authenticator, aegis and so on
3. Enable a SIM card PIN protecting your SIM card from getting accessed without your consent.

Stay safe.

There is an increased theft of sim, mostly to target people. When scammers knows that you are into crypto, they will target you as they will feel that you have one or two security patch with your phone number. This is why phone numbers are the littlest options to secure centralized exchanges or anything that has to do with your sim card. I think there are apps like Authy, not to be confused with google authy because Google Authy stored your security pin to google icloud while the other(AUTHY) doesn't do all of that, just your mobile number required for an account.

Number 3 doesn't gurantee anything. Some sim swap hackers sometimes have insider person inside telecommunication companies, so even if you used PIN on your sim, they can get your pin reset if the company has bad actors that jointly carryout this operations. The best solution to this is to disengage from using mobile number for extra security because you don't know a day that you may misplaced your phone without switching it off, your sim access without pin requirement if it doesn't switched off before they got it.

[asriloni]

Someone has ever created a threat regarding this kind of attack a few years ago https://bitcointalk.org/index.php?topic=5146701.0

He has been also mentioning complete guide about how to avoid it as well. It's not newest crypto scam method but if you are new in the crypto and you may familiar with it this time.
That's why you called that as a new crypto scam method.

Keeping your money in the custodial wallet is a very wrong step to avoid this kind of attack. I don't know if there are still many people are still trapping in this kind of scam method according from what you have written above.

[vv181]

SIM swap attack is an old scam trick current reigning again as a means of stealing from cryptocurrency investors' or traders' exchange account of those using their phone number as the authenticator to sign into their accounts.

SIM swap attack is widely used to bypass the platform/service account verification by unauthorised parties, it does not specifically used for an exchange account but beyond that, the usage is widespread across many platforms and services that are not solely for exchange site purposes.

It is known that SMS-based verification is flawed and insecure, one thing that some platforms are able to contribute to secure their user safety is to prohibit or disable this feature.

It is reported that over $13M worth of cryptocurrency assets have been stolen from about 50 people just in 2023.

Where does that number come from, any sources? And who is the 50 people you claimed?