If this hack hits you, be prepared
Earlier this year, Stacey Schneider’s iPhone suddenly lost its signal. So Schneider, an IT professional and technical marketer, went to her local AT&T store to get a new SIM card. Around this time, she received a notification from Coinbase, the app she used to dabble in the cryptocurrency market, alerting her that her password had been successfully changed.
But she had never initiated the Coinbase change. Something was wrong.
Schneider was the victim of a new kind of hack called SIM-jacking, and she lost nearly $71,000 to hackers trying to overdraft her bank account. In short order, the bad guys swapped SIM cards onto their own phones and accessed her Apple account—including her iCloud keychain information—giving them login and passwords to over 70 of Schneider’s accounts.
With quick thinking, Schneider regained control of her SIM and accounts in an hour—though not before losing $2,000 from her cryptocurrency wallet.
“[I’ve had] websites hacked many times over the past 25+ years,” says Schneider. “This [hack] was very personal, and I was livid and distraught thinking I just lost all that money. I also felt powerless, as my financial freedom was locked down for several days.”
Schneider spent three days on the phone to try and get her accounts back in order.
Sean Coonce, however, wasn’t as lucky. Hit by a SIM-jacking attack overnight, he lost $100,000 in a span of twenty-four hours. Hackers were able to access Coonce’s email and Coinbase accounts. They stole $100,000.
Confused and harried, Coonce visited a local phone store multiple times. “The second time,” Coonce recalls, “it just felt surreal. My mind started racing thinking ‘this [hack] can’t be happening.’”
Because hackers were able to affect the account in his name, it was difficult for him to get proper support from his phone company and he even received a collections notice from accounts opened in his name without his knowledge.
So in the end, both of these SIM-jacking victims were hit hardest in Coinbase, but that’s not how the hackers gained entry to their lives. The truth is all in the details.
Who’s at risk?
SIM-jacking is often a targeted attack because of the effort required for it to be successful. For this same reason, the attack, while high-profile, is rare, relatively speaking. However, from anecdotal evidence, it seems like public figures in the tech space and known cryptocurrency holders are the ones being targeted.
This is likely because hackers can easily access a victim’s active cryptocurrency account and drain it or purchase additional cryptocurrency if it’s tied to the victim’s bank account. Cryptocurrency transactions are, by design, harder to track, making it an attractive way of moving money around.
Even if you’re not a high profile cryptocurrency holder, you’re likely still vulnerable to these kinds of attacks and there’s a chance hackers might shift tactics and opt to execute SIM-jacking attacks because of their high rate of success.
If you’re ever the victim of a SIM-jacking attack, Coonce referred us to this comprehensive ‘SIM-swapping Bible’ published by Cipherblade and MyCrypto.
For a simpler set of actions you can take now to help prevent SIM-jackers from successfully hacking you, read our article on SIM-jacking here.