How Do SIM Swap Attacks Work? A Predominant Threat For Digital Assets
In the age of digital assets, personal devices such as smartphones and tablets are the primary method for accessing, managing, and operating funds and assets. The integration of these devices into financial operations gave birth to innovative financial technologies, commonly known as fintech. These technologies leverage the capabilities of smartphones and tablets to provide a range of services such as mobile banking, digital wallets, and investment platforms.
For investors, smartphones serve as multifunctional hubs. They enable users to access their financial accounts, investment portfolios, and other assets easily and conveniently, and to take action on the go. For instance, banking applications let users view personal information, make transactions, and purchase banking products and offerings, all without physically signing documents or visiting a financial institution.
However, this increasing reliance on personal devices for financial management has introduced new security and privacy concerns. Developing robust cybersecurity measures became paramount for fintechs and their customers. Even so, illicit actors continue to find vulnerabilities in digital systems, posing significant threats to financial institutions and customer assets. One particularly insidious threat is the SIM swap attack, which subverts the Multi-Factor Authentication (MFA) security protocol designed to ensure that access is granted only to the owner of the digital assets and accounts.
What is Multi-Factor Authentication (MFA)?
It is a widely adopted security and authentication mechanism. It typically involves a combination of something the user knows (like a password) and something the user possesses (like a temporary code sent to their registered phone number). In a SIM swap attack, where the attacker gains control of the user’s phone number, they can intercept these temporary codes and use them to gain access to the account.
The most common type of Multi-Factor Authentication (MFA) is two-factor authentication (2FA). 2FA requires users to present two distinct authentication factors. It helps average users protect against unauthorized access, even if one factor is compromised, without complicating the login procedure.
Hackers have proved capable of compromising the first factor, typically a password known only to the user, using various techniques, including:
- Data breaches: Occur when unauthorized parties gain access to a system’s data (of the provider of the service or application the user is using), often resulting in the exposure of user credentials.
- Password cracking through brute force: Involves systematically attempting all possible combinations of passwords until the correct one is found, exploiting weak passwords, such as 123abc.
- Malware and keylogging: Malicious software is used to capture keystrokes or log sensitive information from the victim’s devices, such as a phone or a computer, compromising user credentials.
- Social engineering: Involves manipulating individuals into divulging confidential information, often by exploiting trust or posing as a trustworthy entity.
The second factor of authentication, in the context of two-factor authentication (2FA), can be delivered to the personal device through various methods:
- SMS Text Message: This is the most prevalent method. Users receive a text message containing a code that they must enter for authentication.
- Voice Call: Alternatively, a voice call can be used to deliver the authentication code. Users receive a call that provides them with the necessary code to enter.
- Authenticator App: Some services utilize authenticator apps that generate dynamic codes. Users access these codes through the app and input them for authentication.
- Security Token: For an added layer of physical security, a security token can be employed. This is a physical device that generates a code, often synchronized with the authentication system, and users enter this code to complete the authentication process.
These methods offer flexibility to users; however, they are not immune to sophisticated cyber threats. Security measures often include interconnected fallback mechanisms that guarantee the user does not permanently lose access to the fortunes held in their digital accounts. Estimates suggest that around 6 million Bitcoins, or 30% of Bitcoin’s supply, have been irretrievably lost, amounting to hundreds of billions of dollars in value.
To minimize this risk, methods were invented to restore access to authenticated applications in the event of device loss, damage, or other unforeseen circumstances. These fallback mechanisms often involve using a recovery email address or a backup code previously stored.
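The backup-code fallback mentioned above is only as safe as the way it is generated, stored and redeemed. The following Python script is an added example, not code from the original article or from Blockchain Intelligence Group, of the defensive properties a practitioner would expect: codes drawn from a cryptographically secure source, stored only as salted hashes (so a database breach does not expose them), compared in constant time, and consumed on first use. The class and helper names are the example's own.

```python
import hashlib
import hmac
import secrets

# Alphabet without look-alike characters (0/o, 1/l/i) so users can read codes off paper.
CODE_ALPHABET = "abcdefghjkmnpqrstuvwxyz23456789"


def generate_backup_codes(count: int = 8, length: int = 10) -> list[str]:
    """Generate `count` single-use recovery codes using the OS CSPRNG."""
    return ["".join(secrets.choice(CODE_ALPHABET) for _ in range(length))
            for _ in range(count)]


def _normalize(code: str) -> str:
    """Accept what a user is likely to type: whitespace, hyphens and upper case are ignored."""
    return code.strip().replace("-", "").replace(" ", "").lower()


def _hash_code(code: str, salt: bytes) -> bytes:
    """Slow salted hash so a leaked table cannot be brute-forced cheaply."""
    return hashlib.pbkdf2_hmac("sha256", code.encode(), salt, 100_000)


class BackupCodeStore:
    """Server-side record of a user's recovery codes.

    Only hashes are kept (as a database row would), and each code is removed
    the moment it is redeemed, so an intercepted or leaked code cannot be replayed.
    """

    def __init__(self, codes: list[str]):
        self.salt = secrets.token_bytes(16)
        self._unused = {_hash_code(_normalize(c), self.salt) for c in codes}

    def remaining(self) -> int:
        return len(self._unused)

    def redeem(self, submitted: str) -> bool:
        digest = _hash_code(_normalize(submitted), self.salt)
        # Compare against every stored hash in constant time; pick the match, if any.
        match = None
        for stored in self._unused:
            if hmac.compare_digest(stored, digest):
                match = stored
        if match is None:
            return False
        self._unused.remove(match)      # single use: burn the code
        return True


if __name__ == "__main__":
    codes = generate_backup_codes()
    print("Show these to the user exactly once:", codes)
    store = BackupCodeStore(codes)
    print("first redemption:", store.redeem(codes[0]))   # True
    print("replay attempt:  ", store.redeem(codes[0]))   # False
    print("codes left:      ", store.remaining())        # 7
```

A recovery path built this way does not route through the phone number, so it cannot be captured by a SIM swap; the remaining risk is the user's own storage of the printed codes, which is why the redemption should also be logged and the user notified through an independent channel.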
The same safety mechanisms introduced new avenues for hackers to circumvent the 2FA protocol, allowing them to gain unauthorized access to digital assets. On November 13, 2023, a prominent influencer’s X account was hacked using the SIM swap technique. Ironically, the victim was allegedly involved in scamming activities, which were exposed by the hacker.
What is the SIM swap attack?
It is a type of account takeover fraud that involves tricking a mobile carrier into transferring a victim’s phone number to a SIM card controlled by the attacker. This allows the attacker to intercept text messages and phone calls, including those used for two-factor authentication (2FA), and gain unauthorized access to the victim’s online accounts.
In the case above, the hacker executed a SIM swap attack to gain access to the account information and passwords associated with the compromised X account.
SIM swap attacks pose a significant risk to digital asset holders, especially cryptocurrency users. As crypto transactions often involve significant sums, the stakes are high, making individuals in this space prime targets for such attacks.
They typically unfold with the attacker deceiving the mobile carrier into transferring the victim’s phone number to a new SIM card under the attacker’s control. This unauthorized access to the victim’s account provides the attacker with a window into private communications and, more critically, control over sensitive information related to cryptocurrency holdings.
How do SIM swap attacks pose risk to cryptocurrency users?
As crypto users experience increased decentralization and freedom, they actively shoulder greater responsibility for protecting their devices and securing their digital assets.
The most critical applications hackers can target with cryptocurrency SIM swap attacks are:
Cryptocurrency wallets or exchanges
These are platforms where users can store, send, receive, and trade their digital assets. Hackers can use SIM swaps to intercept 2FA codes or reset passwords for these accounts and then transfer the funds to their wallets or sell them on the market.
Email accounts
Hackers can use SIM swaps to access the victims’ email accounts and then use them to reset passwords, change settings, or compromise other linked accounts. With access to a victim’s e-mail address, the hacker may compromise both steps of the 2FA protocol, including passwords.
It is crucial to acknowledge that these examples represent only a fraction of potential targets. New products and services are introduced every day, and tailored precautions are necessary to ensure any vulnerabilities are guarded against.
Specifically, SIM swap attacks have been on the rise, especially those targeting cryptocurrency users. In 2022, a SIM scammer was sentenced to 18 months in prison for stealing more than $20 million in cryptocurrency via SIM swap attacks. In 2021, IC3 received 1,611 SIM swapping complaints with adjusted losses of more than $68 million.
The recent surge in SIM swap attacks, especially those targeting cryptocurrency users, highlights the critical need for advanced security measures. At Blockchain Intelligence Group, we understand the importance of securing digital assets; our mission is to enable governments and law enforcement to investigate and retrieve stolen cryptocurrencies and digital assets. We offer investigators QLUE™, a cutting-edge blockchain analytics tool designed by law enforcement experts. QLUE™ is the right tool for investigators to pursue SIM swap attackers and match the pace of illicit activities.
We also understand the trade-off between shrinking law enforcement budgets and the need for quality tools. Our priority is data accuracy. Nonetheless, what sets us apart is our commitment to providing you with cost-effective solutions.
Book a demo today to use QLUE™ to investigate and resolve cases, quickly and affordably.
Written By: Omar Marzouk
Writer, Content marketing at Blockchain Intelligence Group