Knoqnoq Forum: Everything You Want to Discuss, Most Discussed in India

Why are crypto twitter accounts hacked for phishing? Prevention tips?

Post time 31-8-2023 15:04:30
On July 21st, Uniswap founder Hayden Adams' Twitter account was hacked, and tweets containing phishing links were posted. It is believed that this hacking incident might be a form of SIM card theft, where attackers take control of the victim's phone number, enabling them to access bank accounts, credit cards, or accounts.

On July 23rd, Coinlist's account was also hacked, and phishing links were posted. Additionally, on July 5th, LayerZero's Twitter account was compromised, along with the official Twitter account of DEX trading aggregator platform Slingshot in June, and BitBoy founder Ben Armstrong's Twitter account, among others. Why have numerous cryptocurrency accounts fallen victim to these attacks? How can users safeguard themselves?

Here's the full translation of the article from Cointelegraph:

As SIM card swapping attacks are often considered to require low technical skills, users must remain vigilant about their identity security. Despite ongoing improvements in online security infrastructure, online identities still face many risks, including those associated with hackers attacking users' phone numbers.

In early July, LayerZero's CEO Bryan Pellegrino became one of the latest victims of SIM card swapping attacks, briefly giving hackers control of his Twitter account. After regaining control of his Twitter account, Pellegrino quickly tweeted, "I guess someone took my conference badge out of the trash and somehow convinced the agent when I left Collision that it was proof of identity for SIM swapping." Pellegrino told Cointelegraph, "It was just a plain paper conference badge that says 'Bryan Pellegrino — Speaker.'"

Pellegrino's experience might lead users to believe that executing a SIM card swapping attack is as simple as taking someone else's ID. Cointelegraph has reached out to some cryptocurrency security companies to verify whether this is indeed the case.

What is a SIM Card Swapping Attack?
SIM card swapping is a form of identity theft where attackers take control of the victim's phone number, allowing them to access their bank accounts, credit cards, or cryptocurrency accounts.

In 2021, the Federal Bureau of Investigation received over 1,600 complaints related to SIM card swapping, involving losses exceeding $68 million. Compared to complaints received in the previous three years, this represents a 400% increase, indicating that SIM card swapping attacks are "definitely on the rise," according to Hugh Brooks, Chief Operating Officer of CertiK. Brooks stated, "If we don't move away from relying on SMS-based two-factor authentication and if telecom providers don't enhance their security standards, we might see the number of attacks continue to rise."

According to 23pds, Chief Information Security Officer of SlowMist Security, SIM card swapping attacks are not yet very common, but they have significant growth potential in the near future. He mentioned, "With the increasing popularity of Web3 and more people entering the industry, the likelihood of SIM card swapping attacks will also increase due to their relatively low technical requirements."

23pds referred to some cases of cryptocurrency-related SIM card swapping hacks over the past few years. In October 2021, Coinbase officially disclosed that due to vulnerabilities in two-factor authentication (2FA), hackers stole cryptocurrencies from at least 6,000 customers. Previously, British hacker Joseph O'Connor was charged in 2019 for stealing about $800,000 in cryptocurrency through multiple SIM card swapping attacks.

Difficulty of Executing SIM Card Swapping Attack
According to executives at CertiK, SIM card swapping attacks typically exploit publicly available information or information obtained through social engineering techniques. Brooks from CertiK stated, "Overall, compared to more technically demanding attacks like smart contract exploits or exchange hacks, SIM card swapping might be considered a lower-entry-barrier attack."

23pds from SlowMist agreed that executing a SIM card swapping attack doesn't require advanced technical skills. He also noted that such SIM card swapping is "widespread" in the Web2 world, so its appearance in the Web3 environment is "not surprising." He said, "It's usually easier to execute by deceiving relevant operators or customer service personnel through social engineering techniques."

How to Prevent SIM Card Swapping Attacks
Because SIM card swapping attacks typically don't require high technical skills from hackers, users must remain vigilant about their identity security to prevent such attacks.

A core protective measure against SIM card swapping attacks is to limit the use of SIM card-based two-factor authentication methods. Hacken's Budorin pointed out that instead of relying on methods like SMS, it's better to use applications like Google Authenticator or Authy.

23pds from SlowMist also mentioned additional strategies such as multi-factor authentication and enhanced account verification, such as additional passwords. He also strongly recommended that users set strong passwords or PINs for their SIM cards or mobile accounts.

Another way to avoid SIM card swapping is to protect personal data, such as name, address, phone number, and birth date. 23pds from SlowMist also recommended carefully reviewing online accounts for any unusual activity.

Brooks from CertiK emphasized that platforms should also take responsibility for promoting secure two-factor authentication practices. For example, companies could require additional verification before allowing account information changes and educate users about the risks of SIM card swapping.

Post time 31-8-2023 15:10:30
Implementing precautions also requires technical knowledge.

Post time 4-9-2023 09:55:23
This time the method has provided me with a day's worth of living expenses, and I am content.

Post time 4-9-2023 11:58:45
Seeing this method, I feel it's definitely worth paying attention to.
