Hackers have discovered that the easiest and most direct way to steal cryptocurrency is to first steal phone numbers.
Hijacked phone numbers are used to drain crypto accounts
A growing number of online crimes begin with hackers persuading cellular phone companies to transfer a victim’s number to a device of their own. In many cases this allows the hacker to reset the passwords of accounts that use the phone number as a backup security measure, gaining access to email, social media, and cryptocurrency accounts.
Though many who have been hacked this way are reluctant to admit the crime, even highly successful, technically savvy investors have been targeted. Case in point: Joby Weeks lost control of his phone number, and subsequently a million dollars’ worth of cryptocurrency was drained from his accounts. This happened despite his requesting that his phone company add additional security measures after his wife and parents had their numbers stolen.
“Everybody I know in the cryptocurrency space has gotten their phone number stolen,” said Joby Weeks.
Hackers seem to home in on those most active on social media platforms related to trading cryptocurrency. Experts giving advice on forums and even consultants who appear on mainstream media talking about investing have been successfully targeted through this method.
Bump up your security
This rash of phone porting is the unintended result of what was supposed to be a security upgrade known as two-factor authentication. Many email providers and financial services require phone numbers to be added to passwords in order to verify a user’s identity, not seeing how easily the system could be reversed.
Service providers have taken it upon themselves to upgrade their own security measures by including more complicated PINs and adding complex security questions as a requirement for making changes. The problem is that customer service agents still have leeway to allow changes on a case-by-case basis.
“These guys will sit and call 600 times before they get through and get an agent on the line that’s an idiot,” Mr. Weeks said.
There are many measures anyone can take to make their accounts more hack-proof.
- Add a password to mobile phone accounts.
- Create an email address specifically for use with cryptocurrency accounts.
- Use a phone number for cryptocurrency accounts that you don’t use for anything else.
- Enable two-factor authentication using Google Authenticator, not SMS text messaging.
- Change passwords frequently and never use the same one on multiple accounts.
Probably the two most important ways to secure cryptocurrency are to hold it in a secure (offline) multi-signature wallet and to keep a low profile, online and in life, about your trading activity.
In the end, no amount of precaution can stop dedicated hackers if they really want to access information. The goal is to become a less inviting target. It’s like the line about meeting a bear in the woods while hiking: it’s not necessary to outrun the bear, just the other people.