19 year old SIM swapper from U.S. stole more than a million dollars in cryptocurrency

Colin Baseman

The case of a nineteen-year-old United States resident was being investigated in Manhattan. The con man stole information about 75 investors to steal their cryptocurrency, the district attorney said.

How did he do that?

The only thing the U.S. citizen needed to commit a crime was an iPhone and a personal computer. He used the devices to access the data of 75 people. It took him 4 months.

That appeared to be more than enough to steal $1,000,000 in cryptocurrency. During the proceedings, the prosecutor mentioned it was already the third SIM-swapping trial in December involving big funds.

The offender deliberately selected victims from the cryptographic community. First of all, he got access the mail programs, and afterwards he started changing the passwords in them. As a result, the real owners have lost control of their accounts.

The further actions of the man are not specified. It is known that the criminal was charged with identity theft, theft and criminality involving computers.

Similar cases

The previous major case related to SIM-swapping has happened in one month before the case. The attackers acted in a similar way. That allowed them to grab cryptocurrency worth more than a half a million dollars.

One cryptocurrency exchange user previously admitted he has lost all savings stored on platform’s internal wallet after he had lost control of his SIM-card. The article about Major Scam by South Korean fraudsters tells about other cryptocurrency theft cases without using SIM-swapping.

How SIM-Swapping works

In order to steal the cryptocurrency the fraudster must know the phone number and some investor’s personal data. This can be bought from mobile phone operators.

The number is being blocked once the call to technical support service is done. Specifying the reason is more than enough. In most of the cases that is the loss of mobile device.

In case operators believe the fraudster, he may ask to transfer the mobile number to his SIM card.

The only thing needed for logging in is passing two-factor verification, since the scammer has already received a SIM-card with the phone number tied to an account with cryptocurrency exchange. The fields of personal data and investments are also suffering from SIM-swapping damages. Crimes, connected to stealing money or personal data are also quite common. Though, they are not being discussed so much.

SIM-swapping spreading

United States suffers from SIM-swapping damages the most. More than 2 thousand thefts were officially registered in 2019. The scammers’ main target is large investors.

Californian police had to take special control of the cases, connected to stealing digital coins through SIM-swapping. Most commonly such criminals are under 25 years old.

How to get back the stolen cryptocurrency

There is no way to get back the stolen funds.  It is impossible to accuse one of SIM-swapping crime. The following parties should be responsible for that: mobile network operator, digital coins owner and parties, representing the exchange.

So far, we have not registered any case of mobile network or cryptocurrency exchange’s administration returning money to the victim.

The representatives of cryptocurrency community believe that mobile network operators are guilty of SIM-swapping phenomenon.  They accuse them of disclosing personal data of the number owners. As well, they believe they are the ones being guilty of the leak.  Therefore, they should reimburse the lost investments.

Ways to protect against fraud

There is no way to return the lost funds, which is why one should take all measures to avoid becoming a victim. Especially for the second time. It is obvious you need to know how to protect yourself from intruders:

  1. Do not add phone number to your account with an exchange. If the platform allows to do that, you should use the opportunity.
  2. Do not specify the phone number on open sources. In case attackers successfully identify the cell phone’s owner, they have great chances to transfer user ID to their own SIM card. This will give access to social networks, mail and the cryptocurrency exchange.
  3. Set a second password. When registering a number, mobile operators offer subscribers to specify a code word. The code word is used for any actions with the SIM-card that require user identification. Attackers are not aware of the mentioned code, which is why they cannot get access to your accounts.
  4. Do not enable two-factor authentication. You may often spot large platforms for buying and selling digital money offering Google Authenticator.  It is claimed to be an alternative to SMS. The application generates two codes per minute. Only the owner of mobile device knows them. That makes it's almost impossible to compromise the codes.
  5. Keep it anonymous. You should not spread the word of your investments in various cryptocurrencies. Sometimes you may want to boast of some successful purchases on the bear market. Though, such desire may play a trick on you.  
  6. Turn off call forwarding. This function is used by cybercriminals to access account information.

Even if you take all measures, you should still keep an eye on your mobile device. If the phone is missing, contact your mobile network provider immediately and ask to block your SIM-card.

They recommend using a safest place for keeping the device with a phone number connected to an exchange or online wallet. You should make calls at least once in a few weeks. You should also keep the battery charged. Those, taking such measures are less likely to lose their funds.

There is a rather secure alternative to online wallets - that is cold self-contained wallets. The size of such devices is similar to a flash card. It is impossible to steal cryptocurrency from them through SIM-swapping.

It is mandatory to use such cold wallets for large investments in cryptocurrencies.