May 24, 2021

When 2-Factor Authentication Is Compromised. Protect Your Cryptocurrency from Sim Swap Scam

By Timothy Shields.

Nowadays, a lot of people are engaged in trading and holding cryptocurrency in different exchanges online. In fact, several individuals have earned thousands or millions from their cryptocurrency trades, particularly in Bitcoin or Ethereum. At the same time, there are also those who made money from other alternative coins (aka altcoins). These digital assets have become extremely popular.

For those who are not familiar with cryptocurrency, it actually refers to a digital currency that can be used to purchase products or services. In fact, a growing number of companies or merchants are starting to accept digital currencies as a mode of payment. Cryptocurrency coins are installed in digital wallets, which makes them vulnerable to cyber-attacks and fraudulent scams like sim swapping.

What is Sim Swap Scam? 

It refers to a common scam where a bad actor convinces a cellular provider that they are the legitimate owner of an account and they take control over an existing account. Every cell phone has a “sim card” which is a small physical computer chip that is the “subscriber identity module”. This is how the cell tower knows which phone is connected. This scam is commonly a multi-step process. In one example, a bad actor gained access to a victim’s email. From there, they gathered enough information about the victim and then they call the phone company to transfer the victim’s number to a sim card the bad actor has possession of.

How Does It Take Place?

The first step that scammers usually take is to acquire or obtain crucial information about the owner of a particular mobile number through online data breaches and hacked emails. The fraudster would employ methods that will allow him to gather personal information from the target victim. This is usually done through sending phishing emails or even hacking the online social media accounts of the victim.

Once the scammer obtains the crucial personal details, the next step is to contact the mobile phone provider of the victim. Thereafter, the scammer will act as real holder of the account and transfer the cell number to a new sim card where the scammer will receive any text messages.

From there, the scammer can start manipulating the accounts linked to the victim’s number. For example, they will log into an online bank account and change the password Since they control the email account, they can reset the password. If the bank, then sends a text as s secondary security (two factor authentication) the scammer is already in control of the phone and can now log in. Any transaction emails will go to the compromised email account. In the case of cryptocurrency, the bad actor can gain access to the digital wallet and quickly transfer the crypto assets to untraceable accounts before the victim can act. In one case, the scammer actually called the victim acting as fraud prevention and further victimized the person.

How To Protect Your Digital Wallet

As already mentioned above, it can be easy for various sim swap scammers to access your digital wallet and steal your cryptocurrency. There are several ways on how you can stop this from happening. The Federal Trade Commission recommends that you follow these tips:

  • Use different passwords across all of your online accounts and change them often.
  • Be careful in sharing your information with people who request it through online platforms or via text messages. Do not be too trusting and always act vigilantly when someone tries to obtain a piece of information from you. Never reply to emails or messages that require you to provide personal information.
  • As much as possible, limit the details that you post on your social media accounts. Take note that a lot of people can see your status updates or other posts on platforms like Facebook, LinkedIn, Instagram, and Twitter.
  • Use the authentication and two-way verification features for your phone and other digital accounts. It is best to add a pin code or biometric identification to all the applications in your phone that are vulnerable to hacking.
  • Ask your phone provider to lock your account with a PIN or pass code.
  • Use an authentication App rather than a text message code where possible.

To conduct a digital review or If you find yourself in a situation where you fell victim to the sim swap scam, be sure to contact an attorney. Talk to a lawyer who can help you deal with all the legal consequences that may arise. Find an attorney who is knowledgeable in cryptocurrency and specializes in cybersecurity or technology laws.

Timothy Shields is a Partner at Kelley Kronenberg focusing his practice on Technology, Data Privacy, and Social Media Representation. Tim serves technology companies as general counsel for a flat monthly rate based on the company’s needs starting at $1300/month.

Contact Timothy Shields at:
Phone: 833-830-HELP (4357)


DISCLAIMER: This article is provided as a courtesy and is intended for the general information of the matters discussed above and should not be relied upon as legal advice. Neither Kelley Kronenberg, nor its individual attorneys or staff, are responsible for errors, omissions and/or typographical errors – always seek competent legal counsel.