20.5k unique visitors in the last 3 days

Cyber Expert Analyzes How to Steal Cryptocurrency with SIM Swaps

Hackers use SIM swaps as part of a process that also abuses the lax security of email providers and cryptocurrency wallets.

An excellent article in Dark Reading has Nicole Sette, Director of Kroll’s Cyber Risk practice, walking through the security vulnerabilities of several different cryptocurrency accounts. Unlike the usual propaganda that every problem can be solved by making it hard to replace SIM cards, Sette identifies how crypto accounts significantly differ in the controls that surround user authentication and password resets, with the result that some are much less liable to be hacked by a SIM swapper than others. Furthermore, Sette discusses how insecure email services continue to be a gateway to obtain access to other user accounts.

It’s clear that the true vulnerability at the heart of SIM-swap attacks on crypto accounts lies in crypto exchanges’ and email providers’ variable implementation of 2FA. Until all crypto exchanges force the implementation of more secure application-based 2FA, these vulnerabilities will continue to allow for SIM-swapping attacks against crypto accounts.

Will politicians and consumer champions start moaning about poor security for email and cryptocurrency accounts? That seems unlikely, because telcos make a much more appealing target. But Sette shows conclusively that SIM swaps can only be used to take over cryptocurrency accounts when the hacker can also exploit other security weaknesses that lie outside of the control of telcos. It is a shame that few of the big mouths who claim to be raising awareness of SIM swap fraud are demanding those security gaps be closed too.

You will find Nicole Sette’s article for Dark Reading by looking here.

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.

Related Articles

The Commsrisk Global Fraud Dashboard


Our Global Fraud Dashboard uses AI-powered search to collate, update and visualize data about scams and other network abuses from around the world. New charts are added each month. See it here.

Get Our Weekly Newsletter by Email