Sim swapping is becoming an increasing nuisance to the crypto community, as scammers almost appear to have a deal with carriers to allow these attacks to take place. Sim swapping is where a scammer calls up a telecoms carrier and claims to be the owner of a mobile number that has lost his or her device. He then requests a new sim with the number loaded on it and collects it from the closest carrier outlet. This scammer can then reset crypto wallets linked to the mobile number, as well as resetting passwords for email accounts and then crypto exchanges rather easily.
This week, T-Mobile’s Twitter helpdesk has been flooded with reports of sim swapping attacks, and it wouldn’t come as a surprise if an employee helped the attacks take place. We have seen it time, time, and time again, but will it be different with T-Mobile?
T-Mobile Missing Steps?
Multiple customers who are rather high profile in the crypto community places specific instructions on their accounts to prevent sim swapping from taking place, but allegedly T-Mobile ignored these instructions. Andrew Kang – co-founder of Minerupdate.com – said that T-Mobile used SMS verification, an SMS that was intercepted by the scammers, when he did not have SMS verification enabled. Echoing those comments, John Caldwell – co-founder of ASG Blockchain – said T-Mobile used SMS to verify his account when he uses a password-based 2FA feature. Both of these high profile names in the crypto community are calling out T-Mobile for their lax security.
Sim Swapped. Phone number ported. Thanks @TMobile
That’s at least 15 of us in the crypto community in the last week.
— Andrew Kang (@Rewkang) June 1, 2019
T-Mobile Should Watch Out
Back in 2018, Michael Terpin filed a $224 million lawsuit against AT&T for gross negligence after he had almost $24 million in crypto stolen following a sim swap attack on his number. The $24 million was stolen over several breaches, one of which Terpin alleges was down to an insider at AT&T helping the hackers. Los Angeles District Court awarded Terpin $75.8 million in compensation – a sum that we could see T-Mobile end up forking out to Kang, Caldwell, and others who have been impacted by this recent spate of sim swap attacks.
Sim Swapper in Jail
Joel Ortiz burst to fame for being the first sim swapper indicted in New York. Ortiz stole more than $7.5 million from various high-value targets around the US. He then spent the money living a life of luxury, including a $10,000 LA nightclub tab and hiring a helicopter to take him to a music festival. Finally, Ortiz was caught and sentenced to 10 years behind bars for sim swapping – a fate that the T-Mobile sim swappers could receive when they are found.
Unfortunately, sim swapping attacks are far too easy due to the number of ways scammers can bypass security controls on telecoms accounts. Carriers need to do the right thing and step up security to help protect crypto investors from these types of attacks.