A large number of encrypted Twitter accounts have been stolen. How to prevent SIM card replacement attacks?

Original source: Cointelegraph

Original compilation:Wu talks about blockchain

On July 21, the Twitter account of Uniswap founder Hayden Adams was hacked and he posted a tweet containing a phishing link. It is reported that the hack may be a type of SIM card theft, in which the attacker takes over the victims phone number, allowing them to access bank accounts, credit cards or accounts.

On July 23, Coinlists account was also hacked and phishing links were posted. In addition, the Twitter account of LayerZero was stolen on July 5, the official Twitter account of DEX trading aggregation platform Slingshot was stolen in June, and the Twitter account of BitBoy founder Ben Armstrong was stolen, etc. Why are a large number of encrypted accounts stolen? How should users take precautions?

The following is the full-text translation of Cointelegraphs article (Original link）：

Since SIM swapping attacks are generally seen as requiring little technical skill, users must remain vigilant about the security of their identities. While cybersecurity infrastructure continues to improve, online identities still face many risks, including those associated with users’ phone numbers being hacked.

In early July, LayerZero CEO Bryan Pellegrino became one of the victims of the latest SIM swap attack, which allowed hackers to briefly take over his Twitter account. Pellegrino wrote soon after regaining his Twitter account: My guess is that someone took my ID from the trash and somehow tricked the agent into using it as a SIM card when I left Collision. Replacement identification. Pellegrino told Cointelegraph: It was just a normal paper conference badge for Bryan Pellegrino - speaker.

Pellegrinos experience may lead users to believe that performing a SIM swap attack is as easy as taking someone elses ID. Cointelegraph has reached out to a number of cryptocurrency security firms to find out if this is true.

What is a SIM swap attack

A SIM swap attack is a form of identity theft in which an attacker takes over a victims phone number, thereby gaining access to their bank account, credit card, or cryptocurrency account.

In 2021, the FBI received more than 1,600 SIM card replacement complaints involving losses of more than $68 million. This represents a 400% increase in complaints compared to complaints received in the previous three years, indicating that SIM swap attacks are “definitely on the rise,” CertiK’s director of security operations Hugh Brooks told Cointelegraph. If we dont move away from two-step verification that relies on text messages, and telecom providers dont improve their security standards, we may see the number of attacks continue to grow, Brooks said.

According to 23pds, chief information security officer at SlowMist Security, SIM swapping attacks are not very common now, but have significant growth potential in the near future. As the popularity of Web3 increases, attracting more people into the industry, the potential for SIM swap attacks will also increase due to its relatively low technical requirements, he said.

23 pds mentioned a number of cases of SIM swap hacks involving cryptocurrencies over the past few years. In October 2021, Coinbase officially disclosed that hackers had stolen cryptocurrencies from at least 6,000 customers due to a two-step verification (2 FA) vulnerability. Previously, British hacker Joseph OConnor was indicted in 2019 for stealing approximately $800,000 in cryptocurrency through multiple SIM card swap attacks.

How difficult is it to perform a SIM swap attack

According to CertiK executives, SIM swapping attacks can often be accomplished using publicly available information or information obtained through social engineering techniques. Overall, SIM swapping may be seen as a lower barrier to entry for attackers than more technically demanding attacks such as smart contract exploits or exchange hacks, CertiKs Brooks said.

SlowMists 23 pds agree that SIM swapping does not require advanced technical skills. He also noted that this kind of SIM swapping is pervasive in the Web2 world, so its not surprising in a Web3 environment. Its usually easier to execute, with social engineering techniques to trick the operators or customer service personnel in question, he said.

How to Prevent SIM Swap Attacks

Since SIM swapping attacks usually dont require much technical skill on the part of the hacker, users must remain vigilant about the security of their identities to prevent such attacks.

A core protection against SIM swapping attacks is to restrict the use of SIM-based two-step verification methods. Hackens Budorin points out that rather than relying on methods like SMS, its better to use apps like Google Authenticator or Authy.

SlowMists 23 pds also mention more strategies like multi-factor authentication and enhanced account verification like additional passwords. He also strongly recommends users to set a strong password or PIN code for SIM card or mobile phone account.

Another way to avoid SIM swapping is to protect personal data such as name, address, phone number and date of birth. SlowMists 23 pds also recommends carefully reviewing online accounts for any unusual activity.

CertiKs Brooks emphasized that platforms should also take responsibility for promoting safe secondary verification practices. For example, companies could require additional verification before allowing changes to account information and educate users about the risks of SIM swapping.