T-Mobile US was singled out for criticism following yet another SIM swap fraud that resulted in losses for members of the cryptocurrency community. This time the SIM swap was used to take control of a popular account on social media platform X (formerly known as Twitter), which then publicized a bogus offer of new non-fungible tokens (NFTs). Several followers of Vitalik Buterin, one of the founders of the Ethereum cryptocurrency, were tricked into losing USD691,000 between them. Buterin told his audience using the decentralized Farcaster social media protocol that he had…
…[f]inally got back my T-mobile account (yes, it was a sim swap, meaning that someone socially-engineered T-mobile itself to take over my phone number).
Buterin also warned people to remove their phone numbers from X, saying this information was ‘sufficient’ for a hacker to execute a password change, and thus made two-factor authentication ineffectual as a form of protection for users. Buterin has 4.9 million followers on X, making him an obvious target for scammers wanting to trick people with substantial cryptocurrency holdings.
Freelance cryptocurrency crime investigator ZachXBT monitored the losses to victims who connected their wallets in the expectation of securing newly-minted NFTs.
Update: $691k drained (another 33% in drainer fee address) pic.twitter.com/AVIShqDlMU
— ZachXBT (@zachxbt) September 9, 2023
The number of SIM swap attacks that target cryptocurrency investors recently prompted ZachXBT to issue a warning to anyone still relying on one-time passwords sent by SMS for two-factor authentication.
Over the past four months $13.3M+ has been stolen as a result of 54 SIM swaps targeting people in the crypto space.
When an account is compromised scammers attempt to create a sense of urgency with a fake claim to drain your assets.
Never use SMS 2FA and instead use an… pic.twitter.com/Fu1C3syQJE
— ZachXBT (@zachxbt) August 23, 2023