SIM swapping attacks have targeted several members of the cryptocurrency community in the United States.
The detailed picture
In the last week of May, several users reported that they’ve been a victim of the SIM swapping attack.
A user named Chris Robison tweeted that he suffered three SIM swap attacks compromising his phone records. “I haven't gone public yet but I had three on me personally in the past week. Submitted an FBI report. All sign point to an inside job at the cell company. Phone records were wiped clean for an entire day and "recorded for quality and training purposes" settings were turned off,” the tweet read.
Another user named Andrew Kang tweeted that almost 15 members in the cryptocurrency community have been impacted by the attack.
“Sim Swapped. Phone number ported. Thanks @TMobile. That’s at least 15 of us in the crypto community in the last week,” Kang tweeted.
Victims’ social media accounts hijacked
Some of the victims admitted to losing funds in cryptocurrency, while others said that they avoided the attack by switching to using hardware security tokens to protect accounts.
Meanwhile, one victim noted that once hackers realized that they could not access cryptocurrency accounts, they immediately switched tactics and targeted social media and email accounts, successfully hijacking the victim's Instagram account.
“PSA: If you have @TMobile as your Cell provider, someone was able to convince them to swap the SIM on one of the lines on my account at 10 PM last night without my authorization and used it to break 2-factor authentication, and gain access to an @instagram account,” Hunter Bond tweeted.
While most of the victims of SIM swapping attacks were T-Mobile customers, the issue isn't limited to T-Mobile alone. Some victims were also AT&T customers.
A Twitter user named Ron Patir recommended the victims to email the Regional Enforcement Allied Computer Team about the attack.