How Investors Lose Their Cryptocurrency Savings Through Cellphones

With the huge increase in cryptocurrency adoption by non-experts in 2021, the number of scammers is also on the rise. Fraudsters have started using the SIM-swap method to gain access to users' personal information such as emails, bank accounts, and even their digital assets.

According to a recent Wall Street Journal (WSJ) report, hackers are increasingly targeting small crypto investors. Cybersecurity experts say the "mom and pop" boom has enticed many hackers to exploit fraudulent SIM swapping practises.

How much crypto was stolen?

The last few years have been encouraging for many hackers in the crypto industry. They have targeted the powerful, the wealthy, and ordinary people and companies who appear to have assets.

Last year, eight people were arrested in the UK and Europe for stealing more than $100 million from US victims. In the UK, the average amount stolen using SIM swap was £2500.

In August, a man from Kolkata, India, lost Rs 84 lakh ($111,920) when he clicked a 20-digit number to upgrade his phone. The criminals are still on the loose, and he has yet to get any of his money back.

Stephen Defiore, a Florida resident, had received more than $2,300 in multiple bribes from SIM-swappers. The 36-year-old worked as a sales representative between 2017 and 2018. He was bribed to trade at least 19 SIM cards. In October 2021, Defiore was sentenced to 3 months probation and a year of house arrest.

Recently, a Canadian teenager was arrested for stealing $46 million worth of cryptocurrencies (CAD) using a SIM swapping technique. He was tracked down by the FBI and Hamilton police after using the stolen digital money to buy a rare username in a video game. Police were only able to seize $7 million (CAD) in cryptocurrencies.

What is SIM-swap?

Also known as SIM-hijacking, it is an account takeover scam used to gain access to the victim's private accounts. Currently, most apps and services require users to use their phone number for a 2-factor authentication method. If the SIM hijacker gets hold of a phone number, one can easily change passwords and steal money from victims' accounts.

To do this, the scammers do not need to hack a phone, they just need to convince customer service that they are "you" to change the number to a new SIM.

Protections against SIM swapping include limiting information on social media, creating IDs without a phone number, setting various alerts, and/or using security authentication apps.

Despite advances in technology, 4 out of 5 (20%) SIM swap attacks are still successful, according to a Princeton University study.

Developing regulations

The US Federal Communications Commission (FCC) is working on regulations for a more secure approach to verifying customers' identities before transmitting SIM numbers. An FCC official also said it could take months for regulations to be issued.

The US regulator has received thousands of complaints about unsolicited robot texts and calls. The new rules are designed to block robot texts and calls at the network level. It will also prevent wireless carriers from accepting calls from voice service providers that are not listed in the FCC's database.

According to Midland Daily News, Jessica Rosenworcel, acting FCC chair, said: 

"We've seen a rise in scammers trying to take advantage of our trust of text messages by sending bogus robo texts that try to trick consumers to share sensitive information or click on malicious links."

She also added: 

"It's time we take steps to confront this latest wave of fraud and identify how mobile carriers can block these automated messages before they have the opportunity to cause any harm.