Protect yourself: attackers easily steal cryptocurrency via user phone numbers

In what will certainly be a wake-up call to most people, "cybersecurity and industry experts say investors should guard their cellphone numbers with the same paranoia with which they guard their social security numbers." In an increasingly common form of cryptocurrency theft, attackers are "SIM swapping," or porting a person's phone number from their own device to a new device. Once they have done so, they are able to take control of online accounts that use a text or phone call for 2-factor authentication (2FA):

"After a criminal hacks into the person’s email or cryptocurrency account from their own devices, what’s known as “two-factor identification” will send a text code to the phone number as a form of security, and to prevent any sort of unauthorized log in. But because the hacker now controls that phone number, there’s no way of the rightful owner regaining control or stopping the hack."

There have been many such incidents of theft, including the well-documented theft from Cody Brown, in which his Verizon account was ported to a new device and attackers then took control of his Coinbase account. Additionally, AT&T is being sued for $224M by a man who had $24M in cryptocurrency stolen from him in a SIM swapping attack.

There are a few very straightforward ways that people can immediately improve their security:

  • Put a PIN on your mobile carrier account
  • Use stronger 2FA, such as Google Authenticator or Authy, rather than a text or phone call
  • Use a separate phone number, or remove a phone number *entirely* from key accounts

Stay safe out there by vigilantly monitoring your mobile account and taking the steps above, at a minimum.

(Source: CNBC)