Bitcoin is revolutionary. ‘Not your keys, not your coins’ and ‘Be your own bank’ are some of the famous adages in the Bitcoin podosphere. Alas, while Bitcoin lets people be their own bank, taking control of one’s own funds can be a tough job.
Over the last decade, attackers have found a way to gain control over victims’ funds via a low-cost method called Sim Swap. The latest victim of this attack is a Chinese whale who purportedly lost Bitcoin Cash [BCH] and Bitcoin [BTC] worth $30 million and $15 million, respectively.
The attacker[s] siphoned off $45 million in total following which the victim Zhoujianfu, in a now-deleted subreddit post, reportedly sought help from top BCH miners to reverse the transactions at 3 confirmations. However, at press time, the transactions were found to have 32 confirmations.
To make the tracking of the funds obscure, the hackers reportedly split up the coins. Following the attack, Dovey Wan, Founding Partner at Primitive Crypto, further speculated that these coins could potentially be sent through a coin mixer. She tweeted,
“I still can’t believe it’s true HOW COME SOMEONE KEEPS SO MUCH CRYPTO ASSET ON HIS PHONE ???? this is the dumbest thing ever… It seems the hacker is now splitting the BTC into smaller amounts and may enter into mixer soon.. so it’s a real hack most likely.”
To pull off a sim swap attack, the hacker needs to gain control over the victim’s phone number. According to a recent study by a joint group of professors and Ph.D. students at Harvard University’s Department of Computer Science and Princeton University’s Center for Information Technology Policy, there has been a notable increase in the number of sim swapping cases in recent years.
Arvind Narayanan, Associate Professor at Princeton and one of the paper’s authors, had tweeted,
“The attacker calls your carrier, pretends to be you, and asks to transfer service to a new SIM. That’s bad enough but hundreds of websites use SMS for 2-factor authentication, putting your accounts at risk.”
From Twitter CEO Jack Dorsey to Preety Kesireddy, many Bitcoiners have been targets of such sim swap schemes, especially during the height of Bitcoin’s bull run.
Recently, Gregg Bennett, a serial angel investor, had also filed a lawsuit against Bittrex, claiming the exchange violated or ignored its own security standards and industry-standard practices that allowed hackers to steal nearly $1 million worth of Bitcoin from Bennett’s account in April in 2019.
Bennett was initially the victim of a SIM card hack, who then attempted to alert Bittrex. However, Bittrex reportedly failed to heed his warning for nearly two hours, allowing the hackers to drain his account.