Hacking with SIM card swap - Beware!

  1. asrnj77 Mar 8, 2021

    I awoke this morning to find that my email server wouldn’t accept my password. I noticed that my phone only had WiFi and no cellular service. I restarted it and got full service again. I change my email password and notice that there is an email from Coinbase (my crypto wallet) saying I needed to re-upload my photo ID because they didn’t recognize whatever was sent. I immediately suspend the Coinbase account and do some more searching.

    I see two text messages around 1:30am requesting two-factor authorization on my email account. At some point they gained control of my phone number and gained access to my email. Their apparent goal was limited to my Coinbase account as nothing else seemed tampered with (but I did change all passwords). It appears at this time that Coinbase requested photo ID to be uploaded and they were not satisfied with whatever they got.

    I called the cellular provider and they confirmed that at some point this morning somebody in a retail outlet requested my number to be swapped to a new SIM card. Typically this requires photo ID (or a scumbag insider) but they granted it for about 30 minutes before it reverted back to my phone.

    I guess the moral of the story is to be wary of two-factor authorization for your banking/email/sensitive data. There are other options like Yubikey that are more secure. You can also request your cellular provider to never swap your SIM card without layers of additional information. If somebody gets your social security number (for Americans) they can also open a new phone account and port your number to the new phone. They only need it long enough to transfer cryptocurrency out of your wallet and out into cyberspace.

    Crazy times we live in, so keep an eye out.
     
  2. Observer I know nothing! Mar 8, 2021

    This is why we don’t keep crypto on centralized exchanges. Got a hardware wallet?

    Glad you didn’t lose anything.
     
    connieseamaster likes this.
  3. rcs914 Mar 8, 2021

    Well that's disturbing - are you USA based? Also what company is your provider?
     
  4. 3nicewatches $100 well spent Mar 8, 2021

    This is called SIM swapping, it has been increasing in occurrence, and can have severe consequences. Beware because they must have had a fair amount of your information to convince the cellular provider they were you. As a precaution, I would put a security freeze in place with the credit agencies. As for two factor authentication with a mobile phone, it is better to use app based codes (e.g. Google Authenticator or similar) rather than SMS text messaging because the former would not be compromised in a SIM swap. Also, if your cellular provider allows it (e.g. AT&T in the USA do), associate a PIN code with your account - that PIN code is needed in addition to your pwd to log in online, and for any in-person cellular account transaction in a store. For more ways to help guard against this, just Google "SIM Swap".
     
    thelinendial likes this.
  5. asrnj77 Mar 8, 2021

    Yeah it was US-based T-Mobile. You can’t speak with a human at Coinbase so still not positive on the status of my funds. Supposedly they’ll contact me soon.
     
  6. Evitzee Mar 8, 2021

    I never consider a phone safe for protecting my most sensitive data so I don't do banking, investments, credit card checking or anything like that on my phone. SIM card swaps are a relatively new thing and can be very damaging if someone takes control of your phone number. It often starts when they break into your email account and roam around, putting together a dossier on your various accounts by looking at your past emails. If they find your cell phone number they can try to do the SIM swap and then they are off to the races, often with help from an insider at a service provider. It's amazing what $50 will buy when dealing with a dishonest employee. I would raise hell with T-Mobile to understand why a SIM swap was allowed without checking your ID. And change your email password now if you aren't using a separate password account.

    If your credit file isn't frozen with Experian, TransUnion and Equifax do that now. You'll get a password so you can unlock them if you go shopping for credit (new car, mortgage, credit card). And all three agencies are now allowing FREE WEEKLY reviews of your credit file through April 2022. Request them through www.AnnualCreditReport.com. They usually provide ONE free report per year per agency (US Government requirement) but have changed it to weekly for the next year due to Covid. It's good financial hygiene to browse through your credit file, and your spouse's, just to check nothing has crept in or they are reporting something wrong that is hurting your FICO score. Mistakes do happen.

    Last Saturday I downloaded all three reports for me and my wife.....six total. All was in order. Many credit cards now give you your FICO score monthly (AMEX, CITI, Bank of America, among others) so it is good to keep an eye on that, too. The free credit reports do not include the FICO score, the agencies fought Congress on that one since at the time it was a money maker for them, but now many of the cards give the score away to their card holders.
     
    Edited Mar 8, 2021
    Dash1 likes this.
  7. Walrus Mar 8, 2021

    Damn, I had a warning from a crypto place to change my password as there was a data leak. As soon as I saw that I checked and saw someone did attempt to access my account. Fortunately nothing missing, but yeah, that is scary, and I was reading about those SIM swaps and they are becoming relatively common. I like to leave some on the exchange as one of these days I will buy a watch with the damn stuff. Coinbase is having their IPO this year, aren’t they? Not saying the SIM swap is their fault, but trying to actually talk to someone is quite difficult.
     
  8. Observer I know nothing! Mar 8, 2021

    You guys are killing me. Get a hardware wallet and get your crypto offline. :mad:
     
  9. Walrus Mar 8, 2021

    Don’t knock paper wallets either. I really feel safe with it being completely off tech, though I do like my Trezor.
     
  10. Observer I know nothing! Mar 8, 2021

    As long as it’s offline. I’m more than 95% offline, because prices are rising so fast that interest and staking rewards have become irrelevant. It’s just not worth the risk.
    Lol. I’m only paranoid because they really are out to get us.
     
  11. thelinendial Mar 8, 2021

    Thanks for sharing. Your advice is spot on.

    Though convenient and better than just a password, 2-factor using SMS is getting less and less safe these days.

    Some providers, like Rogers here in Canada, require an additional text verification to show you own the cell number first.

    But as it’s still being figured out, today we are best using Authenticator apps.
     
  12. Walrus Mar 8, 2021

    Well yeah, with the paper wallets it’s literally on a sheet of paper. Of course if you lose it or it becomes illegible it poses a risk, but I don’t think you can get much safer from online bandits than having your crypto on paper in a lockbox. I liked the staking because it will help with the ETH 2.0. The 7.5 APY is a bonus certainly, but there are risks involved with staking. I just find Vitalik amazing. He created the most used blockchain before he was 25. Amazing guy.
     
    asrnj77, Dash1 and Observer like this.
  13. Observer I know nothing! Mar 9, 2021

    Yeah, Vitalik is a wizard.
     
  14. eugeneandresson 'I used a hammer, a chisel, and my fingers' Mar 9, 2021

    2FA using something like Google Authenticator is a lot safer than SMS, as it’s tied to your physical phone. I’m also assuming the OP is not in the Apple ecosystem?
     
  15. Walrus Mar 9, 2021

    He really is. I only grasp the tech in the simplest way as I’m not a tech guy, but I’ve read up quite a bit and learned about these theoretical algorithms he is working on; it’s really quite mind blowing. The guy is out to change the world in a way. Granted there is risk involved as he releases these updates live, vulnerabilities may exist, the whole thing could fall apart, but it’s kind of exciting to be part of. When non-tech geeks get fascinated and actually spend time reading what he’s doing, it’s gotta say something. I think percentage-wise ETH has outdone bitcoin this year, or was it just the last few months? I see those crazy price predictions, ETH 10k by 2022. I’m not saying I believe that, anyone can shout out numbers, but I’m really hoping it all comes together for the project and the updates. I really want to see what ETH can do in the future. Perhaps I’ve grasped 10% of some of the technical stuff I’ve read, and that’s being generous, and it is some fascinating stuff. He may be getting tech beamed to his brain by aliens.
     
  16. kippyk Mar 10, 2021

    I read an article about SIM swapping, and it was terrifying. A single low-level Verizon employee can basically give your phone to a criminal. Professional criminal organizations were targeting specific people who they knew had bitcoin.