Hackers, scammers, or criminals? Whatever you want to call them, they are a persistent problem for the crypto community. From Ponzi schemes like Onecoin to national governments, like North Korea, hackers have taken many forms and made millions at the expense of the innocent.
For obvious reasons, hackers have been rare in speaking out about their actions. However, Daniel (not his real name) has spoken to the Chinese media site, Jinse, about how he makes his money and the morality of his work.
The SIM swap technique
Daniel uses the ‘SIM swap’ technique. This technique involves various steps to gain access to the victim’s phone and email address, which will then allow them to gain access to the digital wealth held in exchanges.
The technique begins with the hacker calling the mobile phone company claiming they had lost their (the victim’s) SIM card and asks to redirect the phone number to their new SIM. They can then access your email address by pressing the forgot password and authenticating the password change through the mobile number which they control.
After this process is completed, they can easily log in to your cryptocurrency account and steal all your encrypted assets. This is because many like to keep a copy of their key (such as a private key) in their email account. Once a hacker enters into your account, they can control your encrypted wallet and steal all your cryptocurrencies.
The SIM card swap scam is well known. The hacking method is said to have caused millions in losses from crypto exchanges and users. Daniel claims to have made considerable amounts of money from the scam despite not doing it often.
“I am not particularly active. I only attacked about 20 people and got $500,000, but they don’t know who I am (laughs)”
Other hackers have been more active than Daniel. Earlier this month, nine people were arrested and six charged with plotting to steal Bitcoin in Michigan using the SIM swap scam. The group which had members from the US and Ireland had named themselves “The Community.”
Immoral or just an opportunist?
Stealing money from people is an evil act to commit and for most, morally unjustifiable. Daniel appears to feel no remorse for his actions. The faceless nature of the crime is what allows Daniel to sleep at night.
“Well, you don’t feel anything. You will never see that person, and everything is anonymous so you won’t feel guilty,” he said.
If they are always going to be remorseless hackers, then surely the phone companies should be stricter and vigilant. American entrepreneur and cryptocurrency investor Michael Terpin certainly seem to think so.
Terpin sued AT&T, the largest fixed-line telephone service provider in the US, demanding compensation to the tune of $224 million, after being a victim of a SIM swap attack last year which saw him lose $23.8 million in cryptocurrency.
Daniel believes the phone companies are powerless to stop the scam and “there are always ways for them to believe in you”. While Terpin wanted to pin his loss on AT&T, “Mr. Terpin is wrong, and we have asked the court to dismiss his complaint,” the mobile company said.
Coincidentally, the hacker who attacked Terpin called, Nicholas Truglia, was ordered by the Californian high court to pay Terpin $75.8 million in punitive damages last week. Joel Oritz was the first person to be arrested and jailed for a SIM swap scam earlier this year further showing the depth of this scams in the crypto industry.
This is clearly a huge problem within the community. The problem with this form of attack is the lack of equipment or skills needed. Unlike say, the Binance hack, which occurred this month, the SIM card scam can be done by the boy next door. A convincing story is all it seems to take.
How to save yourself from the SIM swap attack
Robert Ross, a victim of Truglia who lost $1 million in the scam, has set up a website to raise awareness, StopCrime.org. The site advises how to evade SIM swap scams.
The main tips are, instead of using a mobile phone number for two-factor authentication, use Google or Authy instead and store your cryptocurrency outside the exchange using a hardware wallet such as Ledger or Trezor. The final and most important is to insure your cryptocurrency.
The ways to stop being a victim seems reasonably easy. However, it would seem that many are failing to take these necessary precautions. This is why Daniel believes, “it’s your fault.” With characters like Daniel, The Community, and Truglia taking the necessary precautions is the way forward.