SIM Swap Social Engineering of T-Mobile Staff Blamed for $691,000 NFT Heist

T-Mobile US was singled out for criticism following yet another SIM swap fraud that resulted in losses for members of the cryptocurrency community. This time the SIM swap was used to take control of a popular account on social media platform X (formerly known as Twitter), which then publicized a bogus offer of new non-fungible tokens (NFTs). Several followers of Vitalik Buterin, one of the founders of the Ethereum cryptocurrency, were tricked into losing USD691,000 between them. Buterin told his audience using the decentralized Farcaster social media protocol that he had…

…[f]inally got back my T-mobile account (yes, it was a sim swap, meaning that someone socially-engineered T-mobile itself to take over my phone number).

Buterin also warned people to remove their phone numbers from X, saying this information was ‘sufficient’ for a hacker to execute a password change, and thus made two-factor authentication ineffectual as a form of protection for users. Buterin has 4.9 million followers on X, making him an obvious target for scammers wanting to trick people with substantial cryptocurrency holdings.

Freelance cryptocurrency crime investigator Zach XBT monitored the losses to victims who connected their wallets in the expectation of securing newly-minted NFTs.

The number of SIM swap attacks that target cryptocurrency investors recently prompted Zach XBT to issue a warning to anyone still relying on one-time passwords sent by SMS for two-factor authentication.

Eric Priezkalns
Eric is the Editor of Commsrisk.