In brief
- A man lost $27,000 in BTC to crypto scammers.
- The scammer impersonated Ledger support staff to get into his account.
- There’s been a growing trend in SIM swapping attacks on the crypto community recently.
We do the research, you get the alpha!
Editor's note: This article has been updated to remove indications that this was a SIM-swapping attack.
A 48-year-old man from Daly City, CA, claims to have lost approximately $27,000 of Bitcoin in a crypto scam.
According to KTVU FOX 2, the man, as-yet-unnamed, called Daly City police on January 14 to report that he received a text from a person purporting to represent telecommunications provider T-Mobile, who said his account was frozen after multiple attempts were made to change his password.
He later received a call from a blocked number. The caller identified himself as an operator for Ledger, the crypto wallet hardware company that held the man’s Bitcoin, informing him that his account had been compromised. The caller extracted his passcode and anonymous account identification numbers.
That was all the information the hacker needed to get into the man’s crypto wallet. When he checked his Ledger account, the man later saw that all of his funds (about $27,000 in BTC) were gone.
Has this happened before?
People impersonating support staff is nothing new, but the Daly Man's incident is all too close to a familiar crypto scam that's even scarier: SIM swapping.
The technique involves scammers persuading mobile network companies to reassign the victim’s phone number from the victim’s SIM to one held by the scammer. Once reassigned, the victim can exploit two-step security verification techniques to reset the victim’s passwords and gain access to their online accounts.
How SIM swapping scammers target crypto users
In 2019, two men from Massachusetts conducted an extensive SIM swapping scheme to extort $550,000 from at least ten people, the majority of whom were from California and working in crypto.
Another high-profile SIM swapping scam was uncovered last year after a leak compromised the personal information of Canadian crypto exchange Coinsquare’s users and left it all in the hands of hackers, who told Vice they planned to use the stolen data for a large-scale SIM swapping scam.
By far the largest reported SIM swapping scam occurred in 2018 when Ellis Pinsky, who was 15 at the time, allegedly defrauded U.S. crypto investor Michael Terpin of $23.8 million in crypto.
What you can do to protect yourself from SIM swapping
If you’ve been successfully targeted by SIM swapping scammers, there’s not much you can do. However, prevention techniques can increase the security of your online profile. Networks like AT&T, T-Mobile and Verizon offer the ability to add a PIN code to your wireless account, giving you an extra layer of security.
In addition, try to limit the amount of data you share in your online footprints, as scammers rely heavily on open-source data to convince network carriers they are the rightful account holder. Be wary of unsolicited emails or texts asking for personal information—they could be a scammer “phishing” for online information. Also, consider third-party authentication apps like Google authenticator.
Above all, stay safe! Dress up warm! Don't speak to strangers!