How Easy Is It to Launch a SIM Swap Attack? How to Stop One
Despite the advancement of cyber infrastructure, there are still many risks associated with online identity, such as those related to phone number hacking.
In early July, LayerZero CEO Bryan Pellegrino was one of the latest victims of a SIM swap attack. Hackers briefly took over his Twitter account.
We are back. The last 24 hours have pretty much been my life. Luckily we saw the hack right away and the fight began pic.twitter.com/pjrkMfQ2vT
Bryan Pellegrino, @PrimordialAA July 5, 2023
Pellegrino’s Twitter account was restored shortly after he got his badge back. “I’m guessing someone pulled it out of the trash and somehow managed to get a rep to use it for SIM swapping while I was leaving Collision,” he wrote.
Pellegrino said the paper badge just said ”Bryan Pellegrino – Speaker”.
Users may assume that a SIM hack is easy to perform if they just grab someone else’s ID. AskFX contacted a few cryptocurrency security firms to see if this was the case.
What is a SIM hack?
SIM swap hacks are a type of identity theft in which attackers steal a victim’s number and gain access to their bank account, credit card, or crypto account.
The United States Federal Bureau of Investigation (FBI) received 1,600 SIM swap complaints in 2021, resulting in over $68 million in losses. Hugh Brooks, CertiK director of security operations, told AskFX that this is a 400% increase in complaints compared to the past three years.
Brooks said that unless telecom companies increase their security standards and there is no move away from SMS-based 2-FA, attacks will continue to increase.
According to 23pds, SlowMist’s Chief Information Security Officer, SIM swapping is not yet widespread but has the potential to grow in the future. He said:
As Web3 becomes more popular and attracts new people into the industry, the likelihood of SIM swapping attacks also increases due to the reduced technical requirements.
The SlowMist executive cited some recent cases of SIM swap hacks that have occurred in the crypto world. Coinbase announced in October 2021 that hackers stole cryptocurrencies from 6,000 customers due to a two-factor authentication breach. In 2019, British hacker Joseph O’Connor was accused of stealing about $800,000 worth of cryptocurrency through multiple SIM swap hacks.
How difficult is it to hack a SIM card?
According to the CertiK executive, SIM swap hacking is often done using information that is publicly available or can be obtained through social engineering.
Brooks stated that “overall SIM swapping could be viewed as an easier entry point for attackers than more technical attacks such as smart contract exploits and exchange hacks.”
SlowMist’s 23pds team also agreed, that SIM replacement does not require advanced technical knowledge. He noted that SIM swapping is “common even in the Web2 environment” and so it is ”not surprising” that it is being observed in Web3.
23pds stated that social engineering is often used to trick relevant operators or customer service representatives.
How to prevent a SIM swap?
Users must ensure their identities are protected to avoid such hacks as SIM swap attacks can be considered low technical skill by hackers.
Restricting the use of SIM card-based 2FA methods is the best protection against a SIM swap hack. Hacken’s Budorin said it’s better to use apps like Google Authenticator and Authy rather than solely relying on SMS-based methods.
SlowMist’s ”23pds” also mentions other strategies, such as B. Multi-factor authentication and advanced account verification, such as B. additional passwords. He also recommended users to create strong passwords or PINs for SIM cards and mobile phone accounts.
Protecting personal information such as your name, address, phone number and date of birth is another way to prevent SIM swaps. SlowMist 23pds recommends that you also check online accounts to see if there is any unusual activity.
CertiK’s Brooks emphasized that platforms should be held accountable for promoting 2FA security. For example, companies can require additional verification before allowing account changes and educate users about the risks of switching SIMs.
Felix Ng, editor of AskFX, contributed to this report.
