Although official records indicate that SIM swapping is becoming less prevalent in the U.S., it remains a highly dangerous cyberattack that can result in significant financial losses and identity theft.
SIM swapping has long been used to hijack bank and social media accounts, but it is also becoming increasingly common in cryptocurrency theft. Individuals with cryptocurrency assets who are unaware of SIM swapping risks could lose their funds before they realize their accounts have been compromised.
To help you protect yourself from SIM swap crypto scams, this guide will discuss how they operate, the risks they pose, and the preventive measures you can take to safeguard your accounts.
What Is SIM Swapping Crypto Fraud?
SIM swapping is a type of cyberattack where a hacker tricks your mobile carrier into transferring your phone number to a SIM card they control. This is an elaborate process that involves the following steps:
- The attacker collects your information, whether through browsing social media, purchasing the data, or conducting phishing attacks.
- They use the information to trick your mobile carrier into thinking you’re the one who wants to transfer the phone number to a new SIM card. Often, hackers employ different tactics to create a sense of urgency. For example, they could say that your phone has been stolen or that they suspect a hack.
Once they have control over your phone number, hackers who conduct SIM swapping crypto scams can intercept SMS-based two-factor authentication (2FA) codes sent by crypto wallets and exchange accounts. In other words, they can:
- Take over your crypto accounts
- Transfer funds to accounts in their possession
- Change the account password to lock you out
- Take over your identity
- Exploit connected platforms (such as NFT marketplaces or payment gateways)
The consequences of SIM swapping crypto hacks can range from minor account issues to complete financial loss and stolen identity, leaving lasting damage to your online security and privacy.
Why Are SIM Swapping Crypto Scams Common?
Hackers often use SIM swapping to target cryptocurrency accounts, and there are several reasons behind this, including:
- Unregulated and decentralized crypto market
- Irreversible transactions
- Inadequate crypto platform security
Unregulated and Decentralized Crypto Market
While governments and financial institutions worldwide are developing legal frameworks to regulate the crypto market, there’s still a significant lack of crypto-specific laws. For example, inconsistent reporting and compliance requirements across jurisdictions allow hackers to find regulatory gaps that enable them to exploit individuals with cryptocurrency assets.
Another issue is market decentralization. There’s no central authority that controls the crypto market or offers assistance if your cryptocurrency gets stolen.
Irreversible Transactions
Traditional banking transactions are typically reversible, and you can often take advantage of the chargeback option to receive your funds back. This doesn’t apply to crypto transactions. In most cases, they are irreversible; once they’re confirmed on the blockchain, it’s impossible to cancel them.
If you’ve sent funds to the wrong address, you can get them back only if the recipient agrees to return them. In case a hacker gains control over your cryptocurrency account and sends funds to their account or uses them to make a purchase, you likely won’t be able to get the money back even if you manage to trace the transaction.
Inadequate Crypto Platform Security
Not all crypto platforms offer the same level of security. Well-established and reliable platforms typically have robust defenses, but new or smaller exchanges may lack strong defensive mechanisms to protect your accounts and funds.
Hackers are well aware of this and typically target platforms with poor security protocols and options.
Examples of Crypto SIM Swap Scams
In 2022, the FBI issued a warning about cybercriminals using SIM swapping to steal money from crypto accounts, but many SIM swapping crypto scams occurred before and after this warning, resulting in millions of dollars in damage. In fact, these attacks may be more common than you think.
One notable attack occurred in 2018, when a 15-year-old Ellis Pinsky and his friends used SIM swapping to steal approximately $24 million in cryptocurrency from Michael Terpin, a crypto investor. Due to his age, Pinsky wasn’t sentenced but was required to return the money to Terpin.
This example shows that hackers don’t need years of experience or advanced technical skills to perform a SIM swapping attack. It also emphasizes that SIM swapping may be easier to execute than some other cyberattacks.
Here are some other examples of crypto SIM swapping scams:
- In 2023, four Florida men stole $509,475 in cryptocurrency by SIM swapping victims’ phone numbers. One of the men worked at a major wireless communication provider, which allowed him to bypass security protocols.
- Between 2021 and 2022, Jordan Dave Persad and his co-conspirators performed SIM swap attacks to steal approximately $1 million worth of cryptocurrency from dozens of victims.
- A Chicago man was accused of leading a SIM swapping group known as the Powell SIM Swapping Crew. He and his co-conspirators have allegedly stolen over $400 million in cryptocurrency via SIM swapping.
How To Prevent SIM Swap Crypto Scams
SIM swapping attacks happen silently, and you may not notice anything until your accounts have been compromised. These attacks can be random and occur without any action on your end, such as clicking a malicious link or sharing your information.
Still, that doesn’t mean you should sit idly by and wait for an attack. You can take specific actions to minimize the risks of SIM swapping and protect your crypto accounts and funds. Here’s what you can do:
- Avoid SMS-based 2FA
- Use additional security measures offered by your cryptocurrency platform
- Pay attention to the signs of SIM swapping
- Avoid sharing sensitive data online
- Select a security-first mobile carrier
1. Avoid SMS-Based 2FA
Transferring your phone number to a new SIM enables hackers to intercept your calls and messages. If you use SMS-based 2FA as an additional security layer for your cryptocurrency accounts, hackers can intercept the code and use it to log in.
Consider safer authentication alternatives, including:
2. Use Additional Security Measures Offered by Your Cryptocurrency Platform
Many cryptocurrency companies offer advanced security features to protect your accounts and funds from unauthorized access and financial loss. Below are some options that may be available:
- Address whitelisting: Involves creating a pre-approved list of cryptocurrency addresses for withdrawals. Even if hackers manage to access your crypto account, they won’t be able to withdraw from it as their address isn’t approved.
- Multi-signature authorization: Improves account protection by requiring two or more signatures (or keys) to authorize a transaction.
- Cold storage: Allows you to store your cryptocurrency offline, protecting it from hackers. You can use a portion of your funds in online “hot wallets” for daily transactions.
3. Pay Attention to the Signs of SIM Swapping
Signs of SIM swapping typically appear only after you’ve fallen victim to the attack, but there may be indicators that you’re at risk before the swap actually occurs. Here are the warning signs to keep an eye on:
- Frequent phishing attempts: Hackers often use phishing to attempt to collect information necessary for carrying out a SIM swap attack, such as names, passwords, or addresses.
- Account lockouts: If you’re unable to access your account and are 100% certain you’re using the correct credentials, hackers may have already changed your username or password.
- Unauthorized transactions: Malicious actors may target your bank account in addition to your cryptocurrency wallet. Monitor your account for suspicious transactions and report any unusual activity.
- Unsolicited notifications from your carrier: Notifications about new device sign-ins, unfamiliar charges, or account modifications are alarming and require your immediate reaction.
If you’ve experienced a sudden loss of service, it could indicate that your SIM card has been deactivated. Don’t wait for the issue to resolve itself. Instead, use a different device to reach out to your carrier and check what caused the loss of service. If it’s indeed a SIM swap attack, reporting it as soon as possible can minimize further damage.
4. Avoid Sharing Sensitive Data Online
To obtain the necessary information for conducting a SIM swap, hackers often browse your social media profiles, posts on online forums, or public records.
For example, if you frequently participate in crypto forums or discussions and mention the amount of cryptocurrency you have or the platforms you use, you could become an easier target for malicious actors.
To minimize the risk of SIM swapping, never share your sensitive information online, no matter how reliable a web page or forum may seem. This doesn’t include only crypto-related data, but also your personal and contact information, as well as any other details that hackers could exploit to access your accounts.
5. Select a Security-First Mobile Carrier
SIM swapping can’t occur without your mobile carrier. Either hackers trick a customer service rep into porting your number to a new SIM card, or a mobile carrier employee collaborates with hackers and ports your phone number while working from “within.”
Regardless of the method used, implementing strict security protocols, providing proper employee training on SIM swapping, and utilizing advanced privacy and security options can significantly reduce or even eliminate the risk of these cyberattacks. Cape checks all these boxes and offers efficient protection against account and data breaches. With its robust infrastructure and security protocols, Cape provides you with peace of mind knowing your data won’t be compromised.
Unfortunately, not all U.S. carriers offer this protection. Many claim their security measures are at a high level, but the data suggests otherwise. For example, T-Mobile was involved in a SIM swapping lawsuit in 2020. The attack resulted in the theft of over 1,500 Bitcoin and 60,000 Bitcoin Cash, with a total value of approximately $38 million. The victim’s T-Mobile account had heightened security in the form of a PIN, which was supposed to prevent unauthorized changes.
Incidents like this one underscore the importance of robust security measures that offer genuine protection to users. The best way to safeguard yourself is to exercise caution when selecting your carrier.
How Cape Is Reinventing Mobile Security
Cape is a privacy-first mobile carrier that keeps your connection and data safe from network attacks. Our security approach is based on a simple idea: Don’t trust us. Instead of asking you to place blind faith in our systems, we’ve engineered them to protect your data—even from us. We collect the minimum amount of information necessary to provide our service; any data we do collect is deleted.
Cape’s SIM swap protection relies on minimal data collection and advanced encryption. We only collect the basic data necessary for providing services, which means you can sign up anonymously to ensure information like your name, address, and SSN never leaves your device. When you do, Cape will use its advanced cryptography to protect your account—here’s how:
- When you sign up, your device creates a private encryption key
- The key is a unique digital signature (a 24-word phrase) that only you can access
- Your account is locked with the private key, which stays on your device at all times
The digital signature is necessary to make significant account changes, such as number port-outs. There’s no human involvement, and nobody can initiate such changes but you, which minimizes the risk of SIM swapping.
Cape offers other robust security features, including:
Stay Connected and Secure With Cape
When you sign up with Cape, you get unlimited text, call, and 4G/5G data for $99/month. All federal, state, and local taxes are covered in the monthly plan—no hidden charges or contracts.
You can get started immediately by visiting cape.co/get-cape.
Cape has also partnered with Proton for a unique deal that shields your online activity. Cape subscribers can now get Proton Unlimited or Proton VPN Plus for only $1 for six months.
