SIM swap, or SIM jacking, is a type of identity theft where an attacker convinces a mobile service provider to switch a user's phone number to a new SIM card controlled by the attacker. SIM swap scams are especially dangerous for crypto investors.
Once the attacker has control over the victim's phone number, they can use it to reset passwords and bypass two-factor authentication (2FA) on the victim's accounts, including email and cryptocurrency exchanges. This allows the attacker to gain unauthorized access to the victim's cryptocurrency wallets or exchange accounts, potentially leading to substantial financial loss.
The attacker typically accomplishes this by gathering personal information about the victim and using social engineering techniques to trick the mobile service provider's customer service. This highlights the importance of safeguarding personal information and using additional security measures, such as hardware-based 2FA, to protect sensitive accounts.
For instance, in a recent SIM swap scam in September 2023, scammers took control of Vitalik Buterin's Twitter (X) account and used it to post a fake NFT giveaway, luring users to click a malicious link, resulting in potential harm to those who fell for the scam. This incident occurred when Buterin's T-Mobile phone account was compromised, highlighting the risks associated with SIM swap attacks in the crypto community.