Sim-Swap attacks

In previous articles, we discussed SIM swap attacks and explained how they work. This method has gained popularity for being used to hack very famous people and organizations in the technology and finance industry. Let's cover some of them.

• Jack Dorsey - Ex-Twitter CEO - In 2019, his Twitter account got hacked and used to tweet racial and antisemitic messages. This was achieved by a group called Chuckle Squad, which carried out several attacks on famous influencers on YouTube and Instagram.

Twitter CEO Jack Dorsey's account was hacked.

Twitter pointed to Dorsey's cellphone carrier—AT&T—as the culprit, saying that "the phone number associated with the account was compromised due to security oversight by the mobile provider," which allowed the hackers to send the tweets using text messages via Cloudhopper.

• US SEC - X Account - One of the most recent hacks involving a SIM swap was the one perpetuated to the Securities and Exchange Commission X account. The hackers use this access to tweet about a fake BTC ETF approval. Causing the price of Bitcoin to pump

New details emerge about SEC's X account hack, including SIM swap

In consultation with the SEC telephone carrier, the organization determined that an unauthorized party obtained control of the SEC cell phone number associated with the account in an apparent 'SIM swap' attack.

• Bart Stephens - This crypto investor claims that a hacker used his cell phone number to reset passwords and bypass 2FA at several unnamed digital wallets and then "began to withdraw digital assets" for $6.5 million systematically.

Blockchain Capital's Bart Stephens Lost $6.3 Million In SIM-Swap

The hacker also tried to steal Bitcoin and Ethereum worth $14 million from a "custodial cold wallet" owned by Stephens but was blocked by a Blockchain Capital employee who had been notified of the withdrawal, being aware that they were under an attack.

• Michael Terpin - Investor In 2018, 15-year-old Ellis Pinsky and a group of gamers managed to SIM swap the cellphone number of this well-known crypto investor and venture capitalist in one of the major hacks of this type.

Teen Gamers Swiped $24 Million in Crypto, Then Turned on Each Other

The young gang could take charge of the victim's cryptocurrency accounts and transfer the funds to accounts under their control. In his confession, Pinsky said that many underpaid employees for carriers like Verizon or AT&T were willing to take bribes to perform SIM swaps

• Vitalik Buterin - Ethereum In September 2023, unknown hackers used a SIM swap attack to spoof Twitter, allowing them to reset his Twitter password and access his account and 4.9 million followers. The attack was performed using social engineering on T-Mobile employees.

Buterin said the hack was made easier because the social network, known as X following Elon Musk's takeover last year, uses a phone number to recover an account. A phone number is sufficient to reset a Twitter account password, even if it is not used as a 2FA.

Once in control of Vitalik's account, the exploit was to use his account to post a fake NFT giveaway, prompting users to click on a malicious link, which resulted in those victims collectively losing more than $691,000.

If you want to dig deeper, here there is an investigation carried out by ZachXBT of 54 SIM swaps that stole more than $13.3 M > https://twitter.com/zachxbt/status/1694326221511794706

Even with all these famous cases and millions lost, cellphone carriers are not addressing the problem with the importance it deserves. It is time for telecommunications companies and governments to ensure policies and procedures that protect their users against these attacks.

What other famous SIM swaps do you remember? Has this ever happened to you? Are you still not sure how to stay safe? Check our previous thread on this subject > https://twitter.com/blockfence_io/status/1718844219085689339

Stay safe!

? ? ?