
Reminder: SMS is trivially vulnerable to SIM-swapping and SS7-hijacking. Never use for crypto.

The Most Expensive Lesson Of My Life: Details of SIM port hack

I lost north of $100,000 last Wednesday. It evaporated over a 24-hour time span in a “SIM port attack” that drained my Coinbase account. It has been four days since the incident and I’m gutted. I have zero appetite; my sleep is restless; I am awash in feelings of anxiety, remorse, and embarrassment.

This was the single most expensive lesson of my life and I want to share my experience + lessons learned with as many people as possible. My goal is to increase awareness about these types of attacks and to motivate you to increase the security of your online identity.

This is still very raw (I haven’t even told my family yet); please reserve judgement with regards to the naive security practices laid out in this post.

Details Of The Attack

You might be asking yourself, what exactly is a “SIM port attack”? In order to describe the attack, let’s examine a typical online identity. The diagram below should look familiar to most people.

Most of us have a primary email account that is connected to A LOT of other online accounts. Most of us also have a mobile device that can be used to recover your email password should you ever forget it.

Authorized SIM Porting

The ability to port your SIM card to another device is a service that mobile carriers provide to their customers. It allows a customer to request their phone number be transferred to a new device. In most cases, this is a perfectly legitimate request; this happens when we upgrade to a new phone, switch mobile carriers, etc.

A SIM Port Attack

A “SIM port attack”, however, is a malicious port performed by an unauthorized source — the attacker. The attacker ports your SIM card to a phone that they control. The attacker then initiates the password reset flow on your email account. A verification code is sent from your email provider to your phone number — which is intercepted by the attacker, as they now con...
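The chain described above (phone number recovers the email, email recovers everything else) can be audited for your own accounts. The following is an added example, not part of the original post: it models each account's recovery paths and reports which accounts become recoverable once the SMS factor is controlled by someone else. The account names and recovery paths are constructed assumptions.

```python
"""Audit which accounts fall if one recovery factor (here: SMS) is taken over."""

# Constructed sample identity. Each account maps to its recovery paths; a path
# is a tuple of factors that are ALL required, and any one path is sufficient.
RECOVERY = {
    "primary_email": [("sms",), ("backup_codes",)],
    "exchange":      [("primary_email", "sms")],   # reset link + SMS code
    "bank":          [("primary_email", "totp_app")],
    "cloud_storage": [("primary_email",)],
    "password_mgr":  [("hardware_key",)],
}

# Same identity after removing SMS as a recovery option for the email account.
HARDENED = dict(RECOVERY, primary_email=[("totp_app",), ("backup_codes",)])


def exposed_accounts(recovery, lost_factor):
    """Return {account: path used} for every account recoverable by someone
    who controls lost_factor, following chains through already-exposed accounts."""
    controlled = {lost_factor}
    exposed = {}
    changed = True
    while changed:  # iterate to a fixed point; each pass may unlock more accounts
        changed = False
        for account, paths in recovery.items():
            if account in exposed:
                continue
            for path in paths:
                if set(path) <= controlled:
                    exposed[account] = path
                    controlled.add(account)  # this account can now reset others
                    changed = True
                    break
    return exposed


if __name__ == "__main__":
    for label, graph in (("current", RECOVERY), ("hardened", HARDENED)):
        result = exposed_accounts(graph, "sms")
        print(f"{label}: {len(result)} of {len(graph)} accounts exposed")
        for account, path in result.items():
            print(f"  {account} <- {' + '.join(path)}")
```

In the constructed data, the bank account survives only because its reset also requires an authenticator app, and removing SMS from the email account's recovery options empties the exposed set entirely.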
