Ethereum
$208.57 -3.54%
ETH · 14w

Reminder: SMS is trivially vulnerable to SIM-swapping and SS7-hijacking. Never use for crypto.

The Most Expensive Lesson Of My Life: Details of SIM port hack

I lost north of $100,000 last Wednesday. It evaporated over a 24-hour time span in a “SIM port attack” that drained my Coinbase account. It has been four days since the incident and I’m gutted. I have zero appetite; my sleep is restless; I am awash in feelings of anxiety, remorse, and embarrassment.

This was the single most expensive lesson of my life and I want to share my experience + lessons learned with as many people as possible. My goal is to increase awareness about these types of attacks and to motivate you to increase the security of your online identity.

This is still very raw (I haven’t even told my family yet); please reserve judgement with regards to the naive security practices laid out in this post.

Details Of The Attack

You might be asking yourself, what exactly is a “SIM port attack”? In order to describe the attack, let’s examine a typical online identity. The diagram below should look familiar to most people.

Most of us have a primary email account that is connected to A LOT of other online accounts. Most of us also have a mobile device that can be used to recover your email password should you ever forget it. Authorized SIM Porting

The ability to port your SIM card to another device is a service that mobile carriers provide to their customers. It allows a customer to request their phone number be transferred to a new device. In most cases, this is a perfectly legitimate request; this happens when we upgrade to a new phone, switch mobile carriers, etc.

A SIM Port Attack

A “SIM port attack”, however, is a malicious port performed by an unauthorized source — the attacker. The attacker ports your SIM card to a phone that they control. The attacker then initiates the password reset flow on your email account. A verification code is sent from your email provider to your phone number — which is intercepted by the attacker, as they now con...

Continue on medium.com
Recent news
ETH -3.54% · thecoinrise.com · 6h

Ethereum ETH Price Weekly

Ethereum ETH price is correcting gains from $225 against the US Dollar, while bitcoin is declining. ETH might revisit the $200 support area.
ETH -3.54% · medium.com · 15h

Rocket Pool 2 — Beta v1 Guide

Welcome all to the public beta for the latest, greatest version of Rocket Pool! This guide will walk you through how to set your computer up to interact with the beta when it launches on the 24th of…