SIM Swap Attack
A SIM swap attack tricks a mobile carrier into porting a victim's phone number to the attacker's SIM card, enabling them to intercept SMS 2FA codes and access cryptocurrency wallets or exchanges.
What Is a SIM Swap Attack?
A SIM swap attack is a scam where an attacker tricks a mobile carrier into transferring a victim's phone number to a new SIM card under the attacker's control. Also called SIM swapping or phone takeover, it lets attackers intercept calls and text messages. Attackers use it to bypass SMS-based two-factor authentication (2FA).
Attackers start with social engineering. They gather personal details about the victim, such as name, address, or a partial Social Security number, from data breaches or phishing. They call the carrier's support line, pose as the victim reporting a lost phone, and request a SIM transfer. If the request succeeds, the victim's phone loses signal and the attacker receives all SMS codes and calls on their own device. They use these to reset passwords on email, bank, or crypto exchange accounts.
This attack matters greatly in cryptocurrency security. Many exchanges and wallets use SMS 2FA, making accounts vulnerable. Once in, attackers drain funds, transfer crypto to their wallets, or sell access. For example, in 2020, attackers stole millions from crypto users via SIM swaps on major exchanges like Binance.
Key characteristics include reliance on carrier vulnerabilities and victim data. Types vary: pure social engineering, insider bribes at carriers, or malware-assisted info gathering. Prevent it by switching to app-based 2FA (like Google Authenticator), hardware security keys (YubiKey), or email/biometric auth. Never share personal details with unsolicited callers.
Real-World Examples
Example 1: Crypto theft on exchanges. Attackers target users with SMS 2FA on Binance. They swap the victim's SIM, intercept login codes, and transfer Bitcoin to untraceable wallets. In 2020, this stole millions from users.
Example 2: Social engineering scenario. An attacker phishes for a victim's details, such as address and the last four digits of the SSN. They call T-Mobile support, claim a lost phone, and request a SIM swap. The victim's phone goes offline, and the attacker resets the Coinbase password via SMS.
Example 3: Hardware wallet recovery vulnerability. A user stores a Ledger seed backup in an email account protected by SMS 2FA. The attacker swaps the SIM, accesses the email, steals the seed phrase, and drains the wallet of Ethereum.
- Victim notices: No phone signal, unauthorized logins.
- Outcome: Funds gone in minutes.
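The recovery chain in Example 3, where a seed backup sits in an email account that itself depends on SMS 2FA, can be audited mechanically. The following Python code is an added example, not part of the original page: it walks a constructed, hypothetical account inventory and lists what falls once the phone number is hijacked, assuming the second factor is still required after a password reset.

```python
# Added example: constructed, hypothetical inventory (not from the original page).
# second_factor / reset_via name either "sms" (the carrier-controlled number),
# another account in this inventory, or a factor independent of the phone.
ACCOUNTS = {
    "exchange_b": {"second_factor": "email", "reset_via": ["email"], "stores": []},
    "email": {"second_factor": "sms", "reset_via": ["sms"],
              "stores": ["ledger_seed_backup"]},
    "exchange_a": {"second_factor": "sms", "reset_via": ["sms", "email"], "stores": []},
    "bank": {"second_factor": "totp", "reset_via": ["email"], "stores": []},
}


def exposed_by_sim_swap(accounts):
    """Return (accounts taken over, secrets exposed) after a phone number hijack."""
    controlled = {"sms"}  # channels the attacker holds once the swap succeeds
    changed = True
    while changed:  # repeat until no further account falls (fixed point)
        changed = False
        for name, acct in accounts.items():
            if name in controlled:
                continue
            can_reset = any(ch in controlled for ch in acct["reset_via"])
            # Assumption: the second factor is still required after a reset.
            factor_falls = acct["second_factor"] in controlled
            if can_reset and factor_falls:
                controlled.add(name)
                changed = True
    taken = sorted(controlled - {"sms"})
    secrets = sorted(s for a in taken for s in accounts[a]["stores"])
    return taken, secrets


def with_second_factor(accounts, name, factor):
    """Return a copy of the inventory with one account's second factor replaced."""
    updated = {k: dict(v) for k, v in accounts.items()}
    updated[name]["second_factor"] = factor
    return updated


if __name__ == "__main__":
    print("current:", exposed_by_sim_swap(ACCOUNTS))
    hardened = with_second_factor(ACCOUNTS, "email", "totp")
    print("email moved to an authenticator app:", exposed_by_sim_swap(hardened))
```

Moving only the email account to an authenticator app removes the seed backup and the email-dependent exchange from the exposed set, while any account that still uses SMS directly remains exposed.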