The crypto community is still reeling from the news of an alleged theft of $45 million worth of crypto from an investor through a SIM-swap attack. The attack is thought to have been a $30M Bitcoin Cash Attack and a $15m Bitcoin attack.
Using the username zhoujianfu, the alleged victim of the attack posted a link to the transaction history of Bitcoin Cash on Reddit’s Bitcoin community platform, adding: “is my address, goddamnit. It only had three confirmations, if any miners/the community can help somehow, I’ve got the private keys. Help help help…big reward, obviously.” He added, “Also for what it’s worth, they got $15m in BTC too…” The first post has since been deleted. The Reddit account appears to belong to Dreamhost founder, Josh Jones.
Due to the sheer magnitude of the attack, many community members had trouble believing its legitimacy. Some believed it was a troll attempt while others thought it was negligent to entrust crypto holdings in a SIM company.
What is a Crypto Sim Hack?
A crypto SIM attack happens when someone pretends to be you and convinces your mobile service provider that you have to transfer your phone number into a new phone. In reality, they’re taking your phone number and associating it with a different SIM card in their possession.
You’ll know a SIM attack is successful when your phone stops registering the four network bars, and you can’t call or receive a call. Once a hacker gains control of your number, any information tied to it is now in their hands, including data, phone calls, text messages, passwords, email, social media, bank accounts, and crypto holdings information. Not to mention that your 2-factor SMS authentication with your wallet is now in their hands. A hacker looking to steal cryptocurrency will usually scour for proof of crypto holdings and use your passwords to steal your crypto.
How to Protect Your Crypto from a SIM Attack?
Note that crypto transactions are irreversible, which makes a case for securing your assets even stronger. Storing your crypto information makes them susceptible to attacks – SIM swaps are an unsophisticated but effective method of transferring somebody’s information.
The first thing to know is that you should always store large amounts of crypto holdings in a secure location. Such a location and the safest thus far for crypto is a cold storage wallet. Cold storage wallets are those that when signing in or transacting, you don’t need to interact with an online server, i.e., your private key is stored offline. As such, a hacker can’t gain control of your crypto account through hacking, impersonation, phishing attacks, and so on.
With cold wallets, you can store keys in devices such as a CD, a paper, hard drive, and so on. A paper wallet is a paper document that has your public and private keys written on it. It has a QR code that will be scanned when you want to make transactions. Remember that you need to protect your paper document from damage from fire, water, and wear and tear.
Also, beware that hacking paper-wallet generator pages is likely to happen. A better procedure is to download a paper wallet app, copy it to a computer not connected to the internet or to a virtual machine, blocked from an internet connection, and create the keys there. For more on pitfalls of paper wallets, read this thread.
A hardware wallet uses an offline device to generate your private keys offline. These wallets look and function a lot like a USB device. When looking for a good hardware wallet, go for popular and time-tested wallets such as Ledger Nano, TREZOR, KeepKey, ColdWallet, ColdCard, OpenDime, and so on.